MPLS


Course Introduction 


Overview 


Service providers today are faced with many challenges in terms of customer demand, 
including an ongoing need for value-added services. Conventional IP packet forwarding has 
several limitations, and more and more service providers realize that something else is needed. 
Not only must service providers be concerned with protecting their existing infrastructure, but 
service providers must also find ways to generate new services that are not currently 
supportable using existing technologies. 


Multiprotocol Label Switching (MPLS) is a high-performance method for forwarding packets 
through a network. MPLS enables routers at the edge of a network to apply simple labels to 
packets. This practice allows the edge devices—ATM switches or existing routers in the center 
of the service provider core—to switch packets according to labels, with minimal lookup 
overhead. MPLS integrates the performance and traffic management capabilities of data link 
Layer 2 with the scalability and flexibility of network Layer 3 routing. When used in 
conjunction with other standard technologies, MPLS allows service providers the ability to 
support value-added features that are critical for their networks. 


Implementing Cisco MPLS (MPLS) v2.1 is recommended training for individuals seeking 
certification as a Cisco CCIP™. The focus of this course is on MPLS technology issues as 
those issues apply to service providers and on how to configure new features and functions in 
an existing routed environment. 
Learner Skills and Knowledge


This subtopic lists the skills and knowledge that learners must possess to benefit fully from the 
course. The subtopic also includes recommended Cisco learning offerings that learners should 
complete in order to benefit fully from this course. 


Learner Skills and Knowledge

* Cisco CCNA® certification
* Building Scalable Cisco Internetworks (BSCI)
* Configuring BGP on Cisco Routers (BGP)


NOTE: Practical experience with deploying and operating networks 
based on Cisco network devices and Cisco IOS software is strongly 
recommended. 
Course Goal and Objectives


This topic describes the course goal and objectives. 


Course Goal

“To design, implement, and verify an MPLS VPN domain capable of multiple customer sites with managed central services and Internet access”

Implementing Cisco MPLS (MPLS)


Upon completing this course, you will be able to meet these objectives: 


* Describe the features of MPLS
* Describe how MPLS labels are assigned and distributed
* Describe the tasks and commands necessary to implement MPLS on frame-mode and LC-ATM Cisco IOS platforms
* Describe the MPLS peer-to-peer architecture and explain the routing and packet-forwarding model in this architecture
* Configure, monitor, and troubleshoot VPN operations
* Describe how the overlapping model can be used to implement managed services and Internet access
* Describe the various Internet access implementations that are available and the benefits and drawbacks of each model
Course Flow


This topic presents the suggested flow of the course materials. 


Course Flow Diagram

[Figure: course flow starting on Day 1. Modules shown: Course Introduction; MPLS Concepts; Label Assignment and Distribution; Frame-Mode and Cell-Mode MPLS Implementation on Cisco IOS Platforms; MPLS Virtual Private Network Technology; MPLS VPN Implementation; MPLS VPN Implementation (Cont.); Complex MPLS VPNs; Internet Access from an MPLS VPN.]


The schedule reflects the recommended structure for this course. This structure allows enough 
time for the instructor to present the course information and for you to work through the 
laboratory activities. The exact timing of the subject materials and labs depends on the pace of 
your specific class. 
Additional References


This topic presents the Cisco icons and symbols used in this course, as well as information on 
where to find additional technical references. 


Cisco Icons and Symbols

[Figure: icon legend showing Router, Workgroup Switch, Network Cloud, Edge Label Switch Router, Line: Ethernet, and Line: Serial.]


Cisco Glossary of Terms 


For additional information on Cisco terminology, refer to the Cisco Internetworking Terms and 
Acronyms glossary of terms at http://www.cisco.com/univercd/cc/td/doc/cisintwk/ita/index.htm. 
Your Training Curriculum

This topic presents the training curriculum for this course.


Cisco Career Certifications 


Expand Your Professional Options 
and Advance Your Career 
Cisco CCIP 


CCNA 


http://www.cisco.com/go/certifications 


© 2004 Cisco Systems, Inc. All rights reserved. 


You are encouraged to join the Cisco Certification Community, a discussion forum open to 
anyone holding a valid Cisco Career Certification (such as Cisco CCIE®, CCNA®, CCDA®, 
CCNP®, CCDP®, CCIP™, or CCSP®). It provides a gathering place for Cisco-certified
professionals to share questions, suggestions, and information about Cisco Career Certification 
programs and other certification-related topics. For more information, visit 
http://www.cisco.com/en/US/learning/le3/le2/le41/learning_certification_level_home.html.
Module 1


MPLS Concepts 


Overview 


This module explains the features of Multiprotocol Label Switching (MPLS) compared with 
those of traditional ATM and hop-by-hop IP routing. MPLS concepts and terminology, along 
with MPLS label format and label switch router (LSR) architecture and operations, are 
explained in this module. 


Module Objectives 


Upon completing this module, you will be able to describe the features of MPLS. This ability 
includes being able to meet these objectives: 


* Describe the basic MPLS concepts
* Describe the structure and function of MPLS labels and MPLS label stacks
* Describe the different MPLS applications in which you can use MPLS
Lesson 1


Introducing Basic MPLS Concepts


Overview 


This lesson discusses the basic concepts and architecture of MPLS. The lesson provides 
information about some of the MPLS components and labels. This lesson lays the foundation 
for subsequent lessons that cover key areas, such as Cisco MPLS Traffic Engineering (MPLS 
TE) and Virtual Private Networks (VPNs). 


It is important to have a clear understanding of the role of MPLS and the makeup of the devices 
and components. This understanding will help the learner have a clear picture of how to 
differentiate between the roles of certain devices and understand how information gets 
transferred across an MPLS domain. 


Objectives 


Upon completing this lesson, you will be able to describe the basic MPLS concepts, including 
the drawbacks in traditional IP routing. This ability includes being able to meet these 
objectives: 


* Describe the drawbacks of traditional IP routing
* Describe the basic features of MPLS
* Describe the differences between MPLS and IP over ATM
* Describe the features of traffic engineering
* Describe the main components of the MPLS architecture
* Describe the features of MPLS labels
* Describe the function of the different types of LSRs
What Are the Drawbacks of Traditional IP Routing?


This topic describes the drawbacks of traditional IP routing. 


Drawbacks of Traditional IP Routing

* Routing protocols are used to distribute Layer 3 routing information.
* Forwarding is based on the destination address only.
* Routing lookups are performed on every hop.


Before basic MPLS functionality is explained, the following three drawbacks of traditional IP 
routing need to be highlighted: 


* Routing protocols are used on all devices to distribute routing information.
* Regardless of the routing protocol, routers always forward packets based on the destination address only. The only exception is policy-based routing (PBR), which bypasses the destination-based routing lookup.
* Routing lookups are performed on every router. Each router in the network makes an independent decision when forwarding packets.


MPLS helps reduce the number of routing lookups and can change the forwarding criteria. This 
capability eliminates the need to run a particular routing protocol on all the devices. 
Example: Traditional IP Forwarding


The figure shows how routers in a service provider network forward packets based on their 
destination addresses. The figure also shows that all the routers need to run a routing 
protocol—Border Gateway Protocol (BGP)—to get the entire Internet routing information. 


Drawbacks of Traditional IP Routing: Traditional IP Forwarding

* Every router may need full Internet routing information (more than 100,000 routes).
* Destination-based routing lookup is needed on every hop.
Every router in the path performs a destination-based routing lookup in a large forwarding
table. Forwarding complexity is usually related to the size of the forwarding table and to the 
switching mechanism. 
Example: IP over ATM


The figure shows a worst-case scenario where Layer 2 and Layer 3 topologies do not overlap. 


Drawbacks of Traditional IP Routing: IP over ATM

* Layer 2 devices have no knowledge of Layer 3 routing information; virtual circuits must be manually established.
* Layer 2 topology may be different from Layer 3 topology, resulting in suboptimal paths and link use.
* Even if the two topologies overlap, the hub-and-spoke topology is usually used because of easier management.
The result is that a single packet, which could be propagated with three Layer 2 hops, instead
requires seven hops. The reason for this is that Layer 2 devices have static information about 
how to interconnect Layer 3 devices. Routers use a routing protocol to propagate Layer 3 
routing information through the intermediary router. 
Example: Traffic Engineering


The figure shows a topology with unequal links. 


Drawbacks of Traditional IP Routing: Traffic Engineering

[Figure: topology with Large Site A, Large Site B, and Small Site C, a primary OC-192 link, and a backup OC-48 link.]

* Most traffic goes between large sites A and B, and uses only the primary link.
* Destination-based routing does not provide any mechanism for load balancing across unequal paths.
* Policy-based routing can be used to forward packets based on other parameters, but this is not a scalable solution.


Traffic patterns illustrate that most of the traffic goes between sites A and B. Traditional IP 
forwarding does not have a scalable mechanism to allow use of the backup link. This situation 
results in unequal load balancing. 
What Are the Basic MPLS Features?


This topic describes the basic features of MPLS. 


Basic MPLS Concepts

* MPLS is a new forwarding mechanism in which packets are forwarded based on labels.
* Labels usually correspond to IP destination networks (equal to traditional IP forwarding).
* Labels can also correspond to other parameters, such as QoS or source address.
* MPLS was designed to support forwarding of other protocols as well.


MPLS is a new switching mechanism that uses labels (numbers) to forward packets. 


Labels usually correspond to Layer 3 destination addresses (equal to destination-based routing). 
Labels can also correspond to other parameters, such as quality of service (QoS), source 
address, or a Layer 2 circuit. 


MPLS was designed to support forwarding of other protocols as well. Label switching is 
performed regardless of the Layer 3 protocol. 
Example: MPLS Concepts


The figure illustrates a situation in which the intermediary router does not have to perform a 
time-consuming routing lookup. Instead, this router simply swaps a label with another label (25 
is replaced by 23) and forwards the packet based on the received label (23). 


Basic MPLS Concepts Example

[Figure: one edge router performs a routing lookup and label assignment (10.0.0.0/8 -> L=25), the core router performs label swapping (L=25 -> L=23), and the other edge router performs label removal and a routing lookup.]

* Only edge routers must perform a routing lookup.
* Core routers switch packets based on simple label lookups and swap labels.
In larger networks, the result of MPLS labeling is that only the edge routers perform a routing
lookup. All the core routers forward packets based on the labels. 
What Are the Differences Between MPLS and IP over ATM?


This topic describes the differences between MPLS and IP over ATM. 


MPLS vs. IP over ATM

Layer 2 devices run a Layer 3 routing protocol and establish virtual circuits dynamically based on Layer 3 information.

* Layer 2 devices are IP-aware and run a routing protocol.
* There is no need to manually establish virtual circuits.
* MPLS provides a virtual full mesh topology.
MPLS is used in ATM networks to provide optimal routing across Layer 2 ATM switches.


Example: MPLS vs. IP over ATM 


For MPLS to work with ATM switches, the switches must be Layer 3-aware. In other words, 
ATM switches must run a Layer 3 routing protocol. 


Another benefit of this setup is that there is no longer a need to manually establish virtual 
circuits. ATM switches automatically create a full mesh of virtual circuits based on Layer 3 
routing information. 
What Is Traffic Engineering?


This topic describes the features of traffic engineering (TE). 


Traffic Engineering with MPLS

[Figure: topology including Small Site C and a secondary OC-48 link.]

* Traffic can be forwarded based on other parameters (QoS, source, and so on).
* Load sharing across unequal paths can be achieved.
MPLS also supports TE. Traffic-engineered tunnels can be created based on traffic analysis to
provide load balancing across unequal paths. 


Multiple TE tunnels can lead to the same destination but can use different paths. Traditional IP 
forwarding would force all traffic to use the same path based on the destination-based 
forwarding decision. TE determines the path at the source based on additional parameters, such 
as available resources and constraints in the network. 
What Are the MPLS Architecture Components?


This topic describes the main components of the MPLS architecture. 


MPLS Architecture

MPLS has two major components:

* Control plane: Exchanges Layer 3 routing information and labels; contains complex mechanisms to exchange routing information, such as OSPF, EIGRP, IS-IS, and BGP, and to exchange labels, such as TDP, LDP, BGP, and RSVP
* Data plane: Forwards packets based on labels; has a simple forwarding engine


MPLS consists of the following two major components: 


* Control plane: The control plane takes care of the routing information exchange and the label exchange between adjacent devices.
* Data plane: The data plane takes care of forwarding based on either destination addresses or labels; this is also known as the forwarding plane.


A large number of different routing protocols, such as Open Shortest Path First (OSPF), 
Interior Gateway Routing Protocol (IGRP), Enhanced Interior Gateway Routing Protocol 
(EIGRP), Intermediate System-to-Intermediate System (IS-IS), Routing Information Protocol 
(RIP), and Border Gateway Protocol (BGP), can be used in the control plane. 


The control plane also requires label exchange protocols, such as Tag Distribution Protocol
(TDP), MPLS Label Distribution Protocol (LDP), and BGP (used by MPLS VPN), to
exchange labels. Resource Reservation Protocol (RSVP) is used by MPLS TE to accomplish
this exchange.


The data plane, however, is a simple label-based forwarding engine that is independent of the 
type of routing protocol or label exchange protocol. The label forwarding information base 
(LFIB) table is used to forward packets based on labels. The LFIB table is populated by the 
label exchange protocols (TDP or LDP, or both) used. 
MPLS Architecture (Cont.)

Router functionality is divided into two major parts: the control plane and the data plane
MPLS implements destination-based forwarding that uses labels to make forwarding decisions.


A Layer 3 routing protocol is still needed to propagate Layer 3 routing information. A label 
exchange mechanism is simply an add-on to propagate labels that are used for Layer 3 
destinations. 


Example: Control Plane Components

The figure illustrates the two components of the control plane.

* OSPF, which receives and forwards IP network 10.0.0.0/8.
* LDP, which receives label 17 to be used for packets with destination address 10.x.x.x. A local label 24 is generated and sent to upstream neighbors so that these neighbors can label packets with the appropriate label. LDP inserts an entry into the data plane LFIB table, where label 24 is mapped to label 17.


The data plane then forwards all packets with label 24 through the appropriate interfaces and 
replaces label 24 with label 17. 
What Are MPLS Labels?


This topic describes the features of MPLS labels. 


MPLS Labels

* MPLS technology is intended to be used anywhere regardless of Layer 1 media and Layer 2 protocol.
* MPLS uses a 32-bit label field that is inserted between Layer 2 and Layer 3 headers (frame-mode MPLS).
* MPLS over ATM uses the ATM header as the label (cell-mode MPLS).


MPLS is designed for use on virtually any media and Layer 2 encapsulation. Most Layer 2 
encapsulations are frame-based, and MPLS simply inserts a 32-bit label between the Layer 2 
and Layer 3 headers (“frame-mode” MPLS). 


ATM is a special case where fixed-length cells are used and a label cannot be inserted on every 
cell. MPLS uses the virtual path identifier/virtual channel identifier (VPI/VCI) fields in the 
ATM header as a label (“cell-mode” MPLS). 
MPLS Labels: Label Format

[Figure: 32-bit label layout. LABEL: bits 0 to 19; EXP: bits 20 to 22; S: bit 23; TTL: bits 24 to 31.]

MPLS uses a 32-bit label field that contains the following information:

* 20-bit label
* 3-bit experimental field
* 1-bit bottom-of-stack indicator
* 8-bit TTL field
This table describes the fields contained in the 32-bit label.


32-Bit Label Fields

Field                     Description
20-bit label              The actual label. Values 0 to 15 are reserved.
3-bit experimental field  Used to define a class of service (CoS) (IP precedence).
Bottom-of-stack bit       MPLS allows multiple labels to be inserted; this bit determines if this label is the last label in the packet. If this bit is set (1), it indicates that this is the last label.
8-bit TTL field           Has the same purpose as the TTL (time-to-live) field in the IP header.
Example: MPLS Labels—Frame-Mode MPLS


The figure shows an edge router that receives a normal IP packet. 


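MPLS Labels: Frame-Mode MPLS

[Figure: an unlabeled frame (Layer 2 frame header, Layer 3 IP header, payload) passes through routing lookup and label assignment; the resulting frame carries the label (Layer 2½) between the Layer 2 frame header and the Layer 3 IP header.]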
The router then does the following tasks:

* The router performs routing lookup to determine the outgoing interface.
* The router assigns and inserts a label between the Layer 2 frame header and the Layer 3 packet header, if the outgoing interface is enabled for MPLS and if a next-hop label for the destination exists. The router then changes the Layer 2 Ethertype value to indicate that this is a labeled packet.
* The router sends the labeled packet.

Note: Other routers in the core simply forward packets based on the label.
MPLS Labels: Cell-Mode MPLS

Cell-mode MPLS uses the ATM header VPI/VCI field for forwarding decisions. The 32-bit
label is preserved in the frame but is not used in the ATM network. The original label is present 
only in the first cell of a packet. 
What Are the Label Switch Router Functions?


This topic describes the function of the different types of LSRs. 


Label Switch Routers

[Figure: MPLS domain with an edge LSR.]

* LSR primarily forwards labeled packets (label swapping).
* Edge LSR primarily labels IP packets and forwards them into the MPLS domain, or removes labels and forwards IP packets out of the MPLS domain.


In preparation for a detailed description of MPLS, here is some of the terminology used in this 
course: 


* LSR: A device that forwards packets primarily based on labels
* Edge LSR: A device that primarily labels packets or removes labels


LSRs and edge LSRs are usually capable of doing both label switching and IP routing. Their 
names are based on their positions in an MPLS domain. Routers that have all interfaces enabled 
for MPLS are called LSRs because they mostly forward labeled packets. Routers that have 
some interfaces that are not enabled for MPLS are usually at the edge of an MPLS domain— 
autonomous system (AS). These routers also forward packets based on IP destination addresses 
and label them if the outgoing interface is enabled for MPLS. 
Label Switch Routers: ATM Label Switch Router

[Figure: MPLS domain of ATM LSRs; cells carry labels L=1/3, L=1/6, and L=1/9, where L=VPI/VCI.]

* An ATM LSR can forward only cells.
* An ATM edge LSR segments packets into cells and forwards them into an MPLS ATM domain, or reassembles cells into packets and forwards them out of an MPLS ATM domain.
LSRs that perform cell-mode MPLS are divided into the following categories:

* ATM LSRs, if they are ATM switches. All interfaces are enabled for MPLS, and forwarding is done based only on labels.
* ATM edge LSRs, if they are routers connected to an MPLS-enabled ATM network.


Label Switch Routers: Architecture of LSRs

* LSRs, regardless of the type, perform these functions:
  - Exchange routing information
  - Exchange labels
  - Forward packets (LSRs and edge LSRs) or cells (ATM LSRs and ATM edge LSRs)
* The first two functions are part of the control plane.
* The last function is part of the data plane.


LSRs of all types must perform these functions: 


* Exchange Layer 3 routing information; ATM LSRs must also exchange Layer 3 routing information (control plane).
* Exchange labels (control plane).
* Forward packets or cells (data plane).
* Frame-mode MPLS forwards packets based on the 32-bit label.
* Cell-mode MPLS forwards packets based on labels encoded into the VPI/VCI fields in the ATM header.

The data plane performs the following functions:

* Exchanges routing information regardless of the type of LSR
* Exchanges labels according to the type of MPLS (frame-mode or cell-mode)
Label Switch Routers: Architecture of ATM LSRs

The primary function of an LSR is to forward labeled packets. Therefore, every LSR needs a
Layer 3 routing protocol (for example, OSPF, EIGRP, IS-IS) and a label distribution protocol 
(for example, LDP, TDP). 


LDP populates the LFIB table in the data plane that is used to forward labeled packets. 


Note: LSRs may not be able to forward unlabeled packets either because they are ATM LSRs or
because they do not have all of the routing information.
Label Switch Routers: Architecture of Edge LSRs

Edge LSRs also forward IP packets based on their IP destination addresses and optionally label
them if a label exists. 


The following combinations are possible: 


* A received IP packet is forwarded based on the IP destination address and sent as an IP packet.
* A received IP packet is forwarded based on the IP destination address and sent as a labeled packet.
* A received labeled packet is forwarded based on the label; the label is changed and the packet is sent.


The following scenarios are possible if the network is not configured properly:

* A received labeled packet is dropped if the label is not found in the LFIB table, even if the IP destination exists in the IP forwarding table, also called the Forwarding Information Base (FIB).
* A received IP packet is dropped if the destination is not found in the IP forwarding table (FIB table), even if there is an MPLS label-switched path toward the destination.
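
The three forwarding combinations and the two drop scenarios listed above can be traced with a small model of an edge LSR. This is an added example, not code from the course: labels 24 and 17 and network 10.0.0.0/8 come from the control plane example earlier in the lesson, while the interface names, the 192.168.1.0/24 route, and the label pair 31/19 are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional


class Decision(NamedTuple):
    action: str                # "send-ip", "send-labeled" or "drop"
    interface: Optional[str]
    label: Optional[int]
    reason: str


class EdgeLSR:
    """Toy edge LSR holding the two tables the lesson names: FIB and LFIB."""

    def __init__(self):
        self.fib = {}    # ip_network -> (outgoing interface, next-hop label or None)
        self.lfib = {}   # incoming label -> (outgoing interface, outgoing label)

    def add_route(self, prefix, interface, next_hop_label=None):
        self.fib[ipaddress.ip_network(prefix)] = (interface, next_hop_label)

    def add_label(self, in_label, interface, out_label):
        self.lfib[in_label] = (interface, out_label)

    def forward_ip(self, destination):
        """Unlabeled packet: longest-prefix match in the FIB only."""
        addr = ipaddress.ip_address(destination)
        matches = [net for net in self.fib if addr in net]
        if not matches:
            # The LFIB is never consulted for an unlabeled packet.
            return Decision("drop", None, None, "destination not in FIB")
        interface, label = self.fib[max(matches, key=lambda n: n.prefixlen)]
        if label is None:
            return Decision("send-ip", interface, None, "FIB match, no label")
        return Decision("send-labeled", interface, label, "FIB match, label imposed")

    def forward_labeled(self, in_label):
        """Labeled packet: exact match in the LFIB only.

        The IP destination is deliberately not a parameter: the FIB is not
        consulted, so a missing LFIB entry drops the packet.
        """
        if in_label not in self.lfib:
            return Decision("drop", None, None, "label not in LFIB")
        interface, out_label = self.lfib[in_label]
        return Decision("send-labeled", interface, out_label, "label swapped")


def build_sample_router():
    """Constructed tables; interface names are hypothetical."""
    lsr = EdgeLSR()
    lsr.add_route("10.0.0.0/8", "Serial0", next_hop_label=17)  # labeled route
    lsr.add_route("192.168.1.0/24", "Ethernet0")               # no label known
    lsr.add_label(24, "Serial0", 17)   # local label 24 mapped to label 17
    lsr.add_label(31, "Serial1", 19)   # LSP toward a prefix missing from the FIB
    return lsr


def run_scenarios():
    lsr = build_sample_router()
    return {
        "IP in, IP out": lsr.forward_ip("192.168.1.7"),
        "IP in, labeled out": lsr.forward_ip("10.1.2.3"),
        "labeled in, labeled out": lsr.forward_labeled(24),
        # Label 30 was never installed, although the FIB covers 10.0.0.0/8.
        "labeled in, label unknown": lsr.forward_labeled(30),
        # No FIB route for 172.16.0.1, although LFIB entry 31 exists.
        "IP in, destination unknown": lsr.forward_ip("172.16.0.1"),
    }


if __name__ == "__main__":
    for name, decision in run_scenarios().items():
        print(f"{name:28} {decision.action:13} {decision.reason}")
```
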
Summary


This topic summarizes the key points discussed in this lesson. 


Summary

* A major drawback of traditional IP routing is that packets are always forwarded based on the destination address.
* MPLS forwards packets based on labels.
* MPLS can be implemented in ATM networks to provide optimal routing across Layer 2 ATM switches.
* MPLS allows traffic engineering to provide load balancing across unequal paths.
* MPLS has two major components: control plane and data plane.
* MPLS technology can be used anywhere regardless of Layer 1 media and Layer 2 protocol.
* All LSRs perform three functions:
  - Exchange routing information
  - Exchange labels
  - Forward packets or cells (depending on type)
Lesson 2


Introducing MPLS Labels and Label Stack


Overview 


This lesson explains the four fields that make up an MPLS label. This lesson also explains how 
label stacking is used and how labels are forwarded in frame-mode and cell-mode 
environments. 


To fully understand MPLS, it is necessary to have a clear understanding of the format of an 
MPLS label and a definition for each field in that label. You also need to know exactly how 
information is passed from node to node in the network. 


Objectives 
This lesson describes MPLS labels and an MPLS label stack, including the format of the MPLS 
label and also when and why a label stack is created. This ability includes being able to meet 
these objectives: 


* Describe where MPLS labels are inserted in an IP packet
* Describe the format and fields of an MPLS label
* Describe the features of an MPLS label stack
* Describe how MPLS forwards packets
Where Are MPLS Labels Inserted?


This topic describes where MPLS labels are inserted in an IP packet. 


MPLS Labels

* Labels are inserted between the Layer 2 (frame) header and the Layer 3 (packet) header.
* There can be more than one label (label stack).
* The bottom-of-stack bit indicates if the label is the last label in the label stack.
* The TTL field is used to prevent the indefinite looping of packets.
* Experimental bits are usually used to carry the IP precedence value.


MPLS uses a 32-bit label that is inserted between the Layer 2 and Layer 3 headers. An MPLS 
label contains the following four fields: 


* The actual label
* Experimental field
* Bottom-of-stack bit
* TTL field


These fields are explained in detail in this lesson. 
What Is the MPLS Label Format?


This topic describes the format and fields of an MPLS label. 


MPLS Label Format

[Figure: 32-bit label layout. LABEL: bits 0 to 19; EXP: bits 20 to 22; S: bit 23; TTL: bits 24 to 31.]

MPLS uses a 32-bit label field that contains the following information:

* 20-bit label (a number)
* 3-bit experimental field (usually used to carry IP precedence value)
* 1-bit bottom-of-stack indicator (indicates whether this is the last label before the IP header)
* 8-bit TTL (equal to the TTL in the IP header)


A label contains the fields listed in this table.


Label Fields

Field                     Description
20-bit label              The actual label. Values 0 to 15 are reserved.
3-bit experimental field  Used to define a CoS (IP precedence).
Bottom-of-stack bit       MPLS allows multiple labels to be inserted; this bit determines if this label is the last label in the packet. If this bit is set (1), it indicates that this is the last label.
8-bit TTL field           Has the same purpose as the TTL (time-to-live) field in the IP header.
What Is an MPLS Label Stack?


This topic describes the features of an MPLS label stack. 


MPLS Label Stack

[Figure: label stack of top (S=0), middle (S=0), and bottom (S=1) labels, followed by the IP header and payload.]

* The protocol identifier in a Layer 2 header specifies that the payload starts with a label (labels) and is followed by an IP header.
* The bottom-of-stack bit indicates whether the next header is another label or a Layer 3 header.
* The receiving router uses the top label only.
A label does not contain any information about the Layer 3 protocol being carried in a packet.
A new protocol identifier is used for every MPLS-enabled Layer 3 protocol. 


The following Ethertype values are used to identify Layer 3 protocols with most Layer 2 
encapsulations: 


* Unlabeled IP unicast: Process ID (PID) = 0x0800 identifies that the frame payload is an IP packet.
* Labeled IP unicast: PID = 0x8847 identifies that the frame payload is a unicast IP packet with at least one label preceding the IP header. The bottom-of-stack bit indicates when the IP header actually starts.
* Labeled IP multicast: PID = 0x8848 identifies that the frame payload is a multicast IP packet with at least one label preceding the IP header. The bottom-of-stack bit indicates when the IP header actually starts.
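
The label format table and the Ethertype list above together determine how a receiver finds the IP header: read 4-byte labels until one has the bottom-of-stack bit set. The parser below is an added example, not code from the course; the sample frame payload, the depth limit of 8, and all function names are assumptions made for this illustration.

```python
import struct
from dataclasses import dataclass

# Ethertype values listed in this lesson.
ETHERTYPE_IP = 0x0800              # unlabeled IP unicast
ETHERTYPE_MPLS_UNICAST = 0x8847    # labeled IP unicast
ETHERTYPE_MPLS_MULTICAST = 0x8848  # labeled IP multicast

MAX_STACK_DEPTH = 8  # assumption: sanity limit chosen for this example


@dataclass(frozen=True)
class LabelEntry:
    label: int  # bits 0-19: the actual label
    exp: int    # bits 20-22: experimental field (usually IP precedence)
    bos: bool   # bit 23: set on the last label before the Layer 3 header
    ttl: int    # bits 24-31: same purpose as the IP TTL

    @property
    def reserved(self) -> bool:
        """Label values 0 to 15 are reserved."""
        return self.label <= 15

    def pack(self) -> bytes:
        """Encode the four fields into one 32-bit word, network byte order."""
        word = (self.label << 12) | (self.exp << 9) | (int(self.bos) << 8) | self.ttl
        return struct.pack("!I", word)


def unpack_entry(raw: bytes) -> LabelEntry:
    """Decode one 4-byte label."""
    (word,) = struct.unpack("!I", raw)
    return LabelEntry(
        label=word >> 12,
        exp=(word >> 9) & 0x7,
        bos=bool((word >> 8) & 0x1),
        ttl=word & 0xFF,
    )


def parse_label_stack(ethertype: int, payload: bytes):
    """Split a frame payload into (label stack, Layer 3 bytes).

    Raises ValueError for a stack that never sets the bottom-of-stack bit,
    either because the payload ends first or the depth limit is reached.
    """
    if ethertype == ETHERTYPE_IP:
        return [], payload  # no labels: the payload is the IP packet itself
    if ethertype not in (ETHERTYPE_MPLS_UNICAST, ETHERTYPE_MPLS_MULTICAST):
        raise ValueError(f"unsupported Ethertype 0x{ethertype:04x}")
    stack = []
    offset = 0
    while True:
        if len(stack) == MAX_STACK_DEPTH:
            raise ValueError("no bottom-of-stack bit within depth limit")
        chunk = payload[offset:offset + 4]
        if len(chunk) < 4:
            raise ValueError("payload ends before bottom-of-stack bit")
        entry = unpack_entry(chunk)
        stack.append(entry)
        offset += 4
        if entry.bos:
            return stack, payload[offset:]


# Constructed sample: a 20-byte IPv4 header (checksum left at zero) behind a
# two-label stack, as in the MPLS VPN case (top label, then second label).
SAMPLE_IP = bytes.fromhex("4500001400000000400600000a0000010a000002")
SAMPLE_PAYLOAD = (
    LabelEntry(label=25, exp=5, bos=False, ttl=254).pack()
    + LabelEntry(label=40, exp=5, bos=True, ttl=254).pack()
    + SAMPLE_IP
)

if __name__ == "__main__":
    stack, layer3 = parse_label_stack(ETHERTYPE_MPLS_UNICAST, SAMPLE_PAYLOAD)
    for depth, entry in enumerate(stack):
        print(depth, entry, "reserved" if entry.reserved else "")
    print("Layer 3 starts with version nibble", layer3[0] >> 4)
```
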
MPLS Label Stack (Cont.)

* Usually only one label is assigned to a packet.
* The following scenarios may produce more than one label:
  - MPLS VPNs (two labels): The top label points to the egress router, and the second label identifies the VPN.
  - MPLS TE (two or more labels): The top label points to the endpoint of the traffic engineering tunnel and the second label points to the destination.
  - MPLS VPNs combined with MPLS TE (three or more labels).


As previously noted, MPLS supports multiple labels in one packet. Simple MPLS uses just one 
label in each packet. The following applications may add labels to packets: 


* MPLS VPNs: Multiprotocol Border Gateway Protocol (MP-BGP) is used to propagate a second label that is used in addition to the one propagated by TDP or LDP.
* MPLS TE: MPLS TE uses RSVP to establish label-switched path (LSP) tunnels. RSVP also propagates labels that are used in addition to the one propagated by LDP or TDP.


A combination of these mechanisms with some other features might result in three or more 
labels being inserted into one packet. 


Copyright © 2004, Cisco Systems, Inc. MPLS Concepts 1-29 
The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., 
for the sole use by Cisco employees for personal study. The files or printed representations may not be 
used in commercial training, and may not be distributed for purposes other than individual self-study. 


What Is MPLS Forwarding? 


This topic describes how MPLS forwards packets. 


MPLS Forwarding 


* An LSR can perform the following functions:


—Insert (impose) a label or a stack of labels on 
ingress 


— Swap a label with a next-hop label or a stack of 
labels in the core 


— Remove (pop) a label on egress 


* ATM LSRs can swap a label with only one label 
(VPI/VCI fields change). 


An IP packet going through an MPLS domain experiences the following: 

* A label or a stack of labels is inserted (imposed) on an edge LSR.

* The top label is swapped with a next-hop label or a stack of labels on an LSR.

* The top label is removed on the LSP tunnel endpoint (usually one hop before the egress
edge LSR or on the egress edge LSR itself).


ATM LSRs support the swapping of only one label (normal ATM operation). 

Example: MPLS Network—Frame-Mode MPLS


This figure shows an MPLS network using frame-mode MPLS. 


MPLS Forwarding: Frame Mode

Figure labels: MPLS Domain; IP Lookup: 10.0.0.0/8 -> label 25; LFIB: label 23 -> label 25

* On ingress, a label is assigned and imposed by the IP routing process.

* LSRs in the core swap labels based on the contents of the label forwarding
table.

* On egress, the label is removed and a routing lookup is used to forward the
packet.


All LSRs are capable of forwarding IP packets or labeled packets. The ingress edge LSR 
performs a routing lookup and assigns a label. 


The middle router simply swaps the label. 


The egress edge LSR removes the label and optionally performs a routing lookup. 

MPLS Forwarding: Cell Mode

Figure labels: LFIB: label 1/3 -> label 1/5

* Labels (VPI/VCI) are imposed during the IP lookup process on ingress ATM
edge LSRs. Packets are segmented into cells.

* ATM LSRs in the core swap labels based on the contents of the ATM switching
table. ATM LSRs cannot forward IP packets.

* On egress ATM edge LSRs, the labels are removed (cells are reassembled into
packets), and a routing lookup is used to forward packets.

Cell-mode MPLS is similar to frame-mode MPLS. The difference is that ATM LSRs (ATM
switches) cannot forward IP packets.

Summary


This topic summarizes the key points discussed in this lesson. 


Summary

* MPLS labels are inserted between the Layer 2 and
Layer 3 headers.

* MPLS uses a 32-bit label field.

* MPLS supports multiple labels in one packet,
creating a “label stack.”

* LSRs can perform the following functions:
— Insert (impose) a label on ingress
— Swap a label
— Remove (pop) a label on egress

Lesson 3


Identifying MPLS Applications 


Overview 


This lesson looks at some of the different types of applications with which you can use MPLS. 
These applications are discussed at a high level. Interaction among multiple applications is also 
discussed because there are various methods for exchanging labels. Regardless of the 
differences in the control plane, all of the applications use a single label-forwarding engine in 
the data plane. 


Objectives 


This lesson describes the different MPLS applications where you can use MPLS. This ability 
includes being able to meet these objectives: 


Describe the various applications that are used with MPLS 
Describe the features of unicast IP routing 

Describe the features of multicast IP routing 

Describe MPLS use in TE environments 

Describe MPLS use in QoS environments 

Describe MPLS use in VPNs 


Identify the interactions that occur between various MPLS applications 

Which Applications Are Used with MPLS?


This topic describes various applications that are used with MPLS. 


MPLS Applications

* MPLS is already used in many different applications:
— Unicast IP routing
— Multicast IP routing
— MPLS TE
— QoS
— MPLS VPNs (course focus)
— AToM

* Regardless of the application, the functionality is always split into
the control plane and the data (forwarding) plane:


— The applications differ only in the control plane. 


— The applications all use a common label-switching data 
(forwarding) plane. 


— Edge LSR Layer 3 data planes may differ. 
— In general, a label is assigned to an FEC. 


MPLS can be used in different applications, as described here: 

* Unicast IP routing is the most common application for MPLS.

* Multicast IP routing is treated separately because of different forwarding requirements.

* MPLS TE is an add-on to MPLS that provides better and more intelligent link use.

* Differentiated QoS can also be provided with MPLS.

* MPLS VPNs are implemented using labels to allow overlapping address space between
VPNs. MPLS VPN is the focus of this course.

* Any Transport over MPLS (AToM) is a solution for transporting Layer 2 packets over an
IP or MPLS backbone.


The data plane (forwarding plane) is the same regardless of the application. The control plane, 
however, needs appropriate mechanisms to exchange routing information and labels. 


The term “forwarding equivalence class” (FEC) is used to describe the packets that are 
forwarded based upon a common characteristic (that is, destination address, QoS class, and so 
on). 

What Is Unicast IP Routing?


This topic describes the features of unicast IP routing. 


Unicast IP Routing 


* Two mechanisms are needed on the control plane: 


—IP routing protocol (OSPF, IS-IS, EIGRP, 
and so on) 


— Label distribution protocol (LDP or TDP) 


* A routing protocol carries the information about
the reachability of networks.

* The label distribution protocol binds labels to
networks learned via a routing protocol.


* The FEC is equal to a destination network, stored 
in the IP routing table. 


A unicast IP routing setup usually requires the following two components: 
* IP routing protocol (for example, OSPF, EIGRP, IS-IS)
* Label distribution protocol (TDP or LDP)


These two components are enough to create a full mesh of LSP tunnels. 


A label is assigned to every destination network found in the IP forwarding table. That is why 
an FEC corresponds to an IP destination network. 

What Is Multicast IP Routing?


This topic describes the features of multicast IP routing. 


Multicast IP Routing 


* A dedicated protocol is not needed to support 
multicast traffic across an MPLS domain. 


* Protocol Independent Multicast version 2 with
extensions for MPLS is used to propagate routing 
information and labels. 


* The FEC is equal to a destination multicast 
address stored in the multicast routing table. 


Multicast IP routing can also use MPLS. Cisco Protocol Independent Multicast (PIM) Version 
2 with extensions for MPLS is used to propagate routing information and labels. 


The FEC is equal to a destination multicast address. 

Using MPLS Traffic Engineering


This topic describes MPLS use in TE environments. 


MPLS TE

* MPLS TE requires OSPF or IS-IS with extensions
for MPLS TE as the IGP.

* OSPF and IS-IS with extensions hold the entire
topology in their databases.

* OSPF and IS-IS should also have some additional
information about network resources and
constraints.

* RSVP or CR-LDP is used to establish TE tunnels
and to propagate labels.


MPLS TE has the following special requirements: 


* Every LSR must see the entire topology of the network (only OSPF and IS-IS hold the
entire topology).

* Every LSR needs additional information about links in the network. This information
includes available resources and constraints. OSPF and IS-IS have extensions to propagate
this additional information.

* Either RSVP or Constraint Route-LDP (CR-LDP) is used to establish TE tunnels and to
propagate the labels.


Every edge LSR must be able to create an LSP tunnel on demand. RSVP is used to create an 
LSP tunnel and to propagate labels for TE tunnels. 

What Is Quality of Service?


This topic describes MPLS use in QoS environments. 


Quality of Service 


* Differentiated QoS is an extension to unicast IP
routing that provides differentiated services.

* Extensions to TDP or LDP are used to propagate
different labels for different classes.

* The FEC is a combination of a destination network
and a class of service.


Differentiated QoS is achieved by using MPLS experimental bits or by creating separate LSP 
tunnels for different classes. Extensions to TDP or LDP are used to create multiple LSP tunnels 
for the same destination (one for each class). 


The FEC is equal to a combination of a destination network and a CoS. 

What Are Virtual Private Networks?


This topic describes MPLS use in VPNs. 


Virtual Private Networks 


* Networks are learned via an IGP (OSPF, EBGP, EIGRP, 
Routing Information Protocol version 2, or static) from 
a customer or via BGP from other internal routers. 


* Labels are propagated via MP-BGP.

* Two labels are used:

— The top label points to the egress router
(assigned through LDP or TDP).

— The second label identifies the outgoing interface on
the egress router or a routing table where a
routing lookup is performed.

* FEC is equal to a VPN site descriptor or VPN routing
table.


MPLS VPNs use an additional label to determine the VPN and the corresponding VPN 
destination network. MP-BGP is used to propagate VPN routing information and labels across 
the MPLS domain. TDP or LDP is needed to link edge LSRs with a single LSP tunnel. 


The FEC is equal to a VPN destination network. 

What Are the Interactions Between MPLS Applications?


This topic identifies the interactions that occur between MPLS applications. 


Interactions Between MPLS Applications

Figure labels: Control Plane: Any IGP; Unicast IP Routing Table (one per application); label
exchange by LDP or TDP, PIM Version 2, RSVP, LDP or TDP, BGP. Data Plane: Label Forwarding
Table.

Each application may use a different routing protocol and a different label exchange protocol,
but all applications use a single label-forwarding engine.


Example: Interactions Between MPLS Applications 


The figure shows the complete architecture when all applications are used. 

Summary


This topic summarizes the key points discussed in this lesson. 


Summary

* MPLS is used in many applications: unicast IP routing, multicast
IP routing, MPLS TE, QoS, MPLS VPNs, and AToM.

* A unicast IP routing setup requires two components: IP routing
protocol and label distribution protocol.

* Multicast IP routing does not need a dedicated protocol to
support multicast traffic across an MPLS domain.

* There are several special requirements needed when MPLS is
used in TE environments.

* Differentiated QoS is an extension to unicast IP routing that
provides differentiated services.

* MPLS VPNs use an additional label to determine the VPN and the
corresponding VPN destination network.

* Each MPLS application may use a different routing and label
exchange protocol; however, the applications all use the same
label-forwarding engine.

Module Summary


This topic summarizes the key points discussed in this module. 


Module Summary 


* MPLS is a new forwarding mechanism in which
packets are forwarded based on labels.

* MPLS uses a 32-bit label format, which is inserted
between Layer 2 and Layer 3. Labels can be
inserted, swapped, or removed.

* MPLS applications can use different routing and
label exchange protocols while still using the same
label-forwarding engine.


MPLS forwards packets based on labels. MPLS can be implemented in ATM networks to 
provide optimal routing across Layer 2 ATM switches. MPLS uses the concept of a “label 
stack” where multiple labels are supported in one packet. You can use MPLS in many 
applications. When many MPLS applications are being used, all applications use a single label- 
forwarding engine. 


References 
For additional information, refer to these resources: 
* RFC 3031, Multiprotocol Label Switching Architecture
* RFC 3032, MPLS Label Stack Encoding

Module Self-Check


Use the questions here to review what you learned in this module. The correct answers and 
solutions are found in the Module Self-Check Answer Key. 


Q1) What are three drawbacks of traditional IP routing? (Choose three.) (Source:
Introducing Basic MPLS Concepts)

A) Routing protocols are used on all devices to distribute routing information.
B) Regardless of protocol, routers always forward packets based on the IP
destination address only (except for using PBR).
C) Routing lookups are performed on every router.
D) Routing is performed by assigning a label to an IP destination.

Q2) Which three of the following statements are true? (Choose three.) (Source: Introducing
Basic MPLS Concepts)

A) MPLS uses labels to forward packets.
B) MPLS works only in IP networks.
C) MPLS labels can correspond to a Layer 3 destination address, QoS, source
address, or Layer 2 circuit.
D) MPLS does not require a routing table lookup on core routers.

Q3) As a result of implementing MPLS in ATM networks, which of the following is true?
(Source: Introducing Basic MPLS Concepts)

A) Layer 2 devices run a Layer 3 routing protocol.
B) Virtual circuits must be configured manually.
C) MPLS cannot run in an ATM network.
D) ATM switches needed to be made Layer 3- and Layer 4-aware.

Q4) In MPLS TE, which two of the following statements are true? (Choose two.) (Source:
Introducing Basic MPLS Concepts)

A) Traditional IP routing does not support traffic engineering.
B) Traditional IP routing would force all traffic to use the same path based on
destination.
C) Using MPLS TE, traffic can be forwarded based on parameters such as QoS
and source address.
D) MPLS does not support traffic engineering.

Q5) The label distribution protocol (either TDP or LDP) is the responsibility of the _____.
(Source: Introducing Basic MPLS Concepts)

A) data plane
B) forwarding plane
C) system plane
D) control plane

Q6) The MPLS label field consists of how many bits? (Source: Introducing Basic MPLS
Concepts)

A) 64 bits
B) 32 bits
C) 16 bits
D) 8 bits

Q7) Which two of the following statements are true? (Choose two.) (Source: Introducing
Basic MPLS Concepts)


A) An edge LSR is a device that primarily inserts labels on packets or removes 
labels. 
B) An LSR is a device that primarily labels packets or removes labels. 


C) An LSR is a device that forwards packets primarily based on labels. 
D) An edge LSR is a device that forwards packets primarily based on labels. 


Q8) MPLS labels can correspond to which of the following? (Source: Introducing Basic 
MPLS Concepts) 


A) Layer 2 source addresses 
B) Layer 3 source addresses 
C) Layer 2 destination addresses 
D) Layer 3 destination addresses 


Q9) Which one of the following terms is best described as “a simple label-based forwarding
engine”? (Source: Introducing Basic MPLS Concepts)


A) control plane 
B) ground plane 
C) data plane 

D) routing plane 


Q10) Which two of the following statements are true? (Choose two.) (Source: Introducing 
Basic MPLS Concepts) 


A) MPLS labels are inserted between the Layer 2 header and the Layer 3 header. 
B) MPLS labels are inserted after the Layer 3 header. 

C) In ATM networks, MPLS uses the VPI/VCI fields as the label. 

D) MPLS will not work in ATM networks. 


Q11) Which two of the following statements are true? (Choose two.) (Source: Introducing 
MPLS Labels and Label Stack) 


A) MPLS labels are 32 bits. 

B) MPLS labels are 64 bits. 

C) MPLS labels are inserted before the Layer 2 header. 
D) MPLS labels are inserted after the Layer 2 header. 


Q12) How long is the actual MPLS label contained in the MPLS label field? (Source: 
Introducing MPLS Labels and Label Stack) 


A) 32 bits long 
B) 8 bits long 

C) 16 bits long 
D) 20 bits long 


Q13) Which two of the following statements are true? (Choose two.) (Source: Introducing 
MPLS Labels and Label Stack) 


A) Usually one label is assigned to an IP packet. 

B) Usually two labels are assigned to an IP packet. 

C) Two labels will be assigned to an MPLS VPN packet. 
D) One label will be assigned to an MPLS VPN packet. 

Q14) Which two of the following are normal functions of an LSR? (Choose two.) (Source:
Introducing MPLS Labels and Label Stack) 
A) impose labels at the ingress router 
B) impose labels at the egress router 
C) pop labels at the ingress router 
D) pop labels at the egress router 

Q15) Cisco routers automatically assign the IP precedence value to which field in the MPLS 
label? (Source: Introducing MPLS Labels and Label Stack) 
A) TTL field 
B) experimental field 
C) top-of-stack field 
D) The IP precedence value is not copied to the MPLS field; this value remains in
the IP packet.

Q16) Which of the following is NOT a valid Ethertype used to identify Layer 3 protocols 
with most Layer 2 encapsulations? (Source: Introducing MPLS Labels and Label 
Stack) 
A) unlabeled IP unicast (PID = 0x0800) 
B) labeled IP unicast (PID = 0x0847) 
C) unlabeled IP multicast (PID = 0x8846) 
D) labeled IP multicast (PID = 0x8848) 

Q17) The label distribution protocol is found on which plane? (Source: Identifying MPLS 
Applications) 
A) forwarding plane 
B) data plane 
C) control plane 
D) ground plane 

Q18) Which two of the following statements are true regarding RSVP? (Choose two.) 
(Source: Identifying MPLS Applications) 
A) RSVP is used to create an LSP tunnel. 
B) RSVP propagates labels for TE tunnels. 
C) RSVP assigns labels for TE tunnels. 
D) RSVP is not used to create an LSP tunnel. 

Q19) When MPLS is used for QoS, which of the following statements is true? (Source: 
Identifying MPLS Applications) 
A) QoS is achieved by using the protocol bits in the MPLS label field. 
B) QoS is achieved by using the TTL bits in the MPLS label field. 
C) QoS is achieved by using the experimental bits in the MPLS label field. 
D) At this time, QoS is not supported by MPLS. 

Q20) In MPLS VPN networks, which one of the following statements is true? (Source: 
Identifying MPLS Applications) 
A) Labels are propagated via LDP or TDP. 
B) Next-hop addresses instead of labels are used in an MPLS VPN network. 
C) Labels are propagated via MP-BGP.
D) Two labels are used; the top label identifies the VPN, and the bottom label
identifies the egress router.

Q21) Which two of the following statements are true regarding interactions between MPLS
applications? (Choose two.) (Source: Identifying MPLS Applications)


A) The forwarding plane is the same for all applications. 
B) Differences exist in the forwarding plane depending on the MPLS application. 
C) The control plane is the same for all applications. 


D) Differences exist in the control plane depending on the MPLS application.

Q22) In MPLS VPNs, what does the FEC refer to? (Source: Identifying MPLS Applications)


A) IP destination network 

B) MPLS ingress router 

C) core of the MPLS network 
D) VPN destination network 

Module Self-Check Answer Key

Q1) A, B, C
Q2) A, C, D
Q3) A
Q4) B, C
Q5) D
Q6) B
Q7) A, C
Q8) D
Q9) C
Q10) A, C
Q11) A, D
Q12) D
Q13) A, C
Q14) A, D
Q15) B
Q16) C
Q17) C
Q18) A, B
Q19) C
Q20) C
Q21) A, D
Q22) D

Module 2


Label Assignment and 
Distribution 


Overview 


This module describes the assignment and distribution of labels in a Multiprotocol Label 
Switching (MPLS) network, including neighbor discovery and session establishment 
procedures. Label distribution, control, and retention modes will also be covered. This module 
also covers the functions and benefits of penultimate hop popping (PHP). 


Module Objectives 


Upon completing this module, you will be able to describe how MPLS labels are assigned and 
distributed. This ability includes being able to meet these objectives: 


Describe how the LIB, FIB, and LFIB tables are populated with label information 
Describe how convergence occurs in a frame-mode MPLS network 

Describe typical label distribution over LC-ATM interfaces and VC merge 
Describe MPLS label allocation, distribution, and retention modes 


Describe how LDP neighbors are discovered 

Lesson 1


Introducing Typical Label 
Distribution in Frame-Mode 
MPLS 


Overview 


This lesson discusses how label allocation and distribution function in a frame-mode network. 
Also covered are PHP and how the MPLS data structures are built. This lesson is essential to 
understanding the basic fundamentals of how information gets distributed and placed into the 
appropriate tables for both label and unlabeled packet usage. 


Objectives 


Upon completing this lesson, you will be able to describe how the Label Information Base 
(LIB), Forwarding Information Base (FIB), and label forwarding information base (LFIB) 
tables are populated with label information. This ability includes being able to meet these 
objectives: 


* Describe how labels are propagated across a network
* Describe the function of label-switched paths
* Describe the function of PHP
* Describe the impact that IP aggregation has on label-switched paths
* Describe how labels are allocated and distributed in a frame-mode MPLS network
* Describe how MPLS labels are distributed and allocated in a frame-mode network
* Describe how the LFIB table is populated in an MPLS network
* Describe how IP packets cross an MPLS network
* Describe how frame-mode loops are detected
* Describe the approaches for assigning labels to networks

Propagating Labels Across a Network


This topic describes how labels are propagated across a network. 


MPLS Unicast IP Routing Architecture 


* MPLS introduces a new field that is used for
forwarding decisions.

* Although labels are locally significant, they have to
be advertised to directly reachable peers.

— One option would be to include this parameter in
existing IP routing protocols.

— The other option is to create a new protocol to
exchange labels.

* The second option has been used because there
are too many existing IP routing protocols that
would have to be modified to carry labels.


One application of MPLS is unicast IP routing. A label is assigned to destination IP networks 
and is later used to label packets sent toward those destinations. 


Note: In MPLS terminology, a forwarding equivalence class (FEC) equals an IP destination
network.


Standard or vendor-specific routing protocols are used to advertise IP routing information. 
MPLS adds a new piece of information that must be exchanged between adjacent routers. 


Here are the two possible approaches to propagating this additional information (labels) 
between adjacent routers: 


* Extend the functionality of existing routing protocols

* Create a new protocol dedicated to exchanging labels


The first approach requires much more time and effort because of the large number of different 
routing protocols: Open Shortest Path First (OSPF), Intermediate System-to-Intermediate 
System (IS-IS), Enhanced Interior Gateway Routing Protocol (EIGRP), Interior Gateway 
Routing Protocol (IGRP), Routing Information Protocol (RIP), and so on. The first approach 
also causes interoperability problems between routers that support this new functionality and 
those that do not. Therefore, the Internet Engineering Task Force (IETF) selected the second 
approach. 

MPLS Unicast IP Routing Architecture (Cont.)

Example: Building Blocks for IP Forwarding


The figure shows the building blocks used by routers to perform traditional IP forwarding. 


The control plane consists of a routing protocol that exchanges routing information and 
maintains the contents of the main routing table. When combined with Cisco Express 
Forwarding (CEF), the IP forwarding table in the data plane forwards the packets through the 
router. 


The Label Distribution Protocol (LDP) or the Cisco proprietary protocol Tag Distribution 
Protocol (TDP) in the control plane exchanges labels and stores them in the LIB. This 
information is then used in the data plane to provide MPLS functionality, as follows: 


* A label is added to the IP forwarding table (FIB) to map an IP prefix to a next-hop label.
* A locally generated label is added to the LFIB and mapped to a next-hop label.


The following forwarding scenarios are possible when MPLS is enabled on a router: 


* An incoming IP packet is forwarded by using the FIB table and sent out as an IP packet
(the usual CEF switching).

* An incoming IP packet is forwarded by using the FIB table and sent out as a labeled IP
packet (the default action if there is a label assigned to the destination IP network).

* An incoming labeled packet is forwarded by using the LFIB table and sent out as a labeled
IP packet.

MPLS Unicast IP Routing Architecture (Cont.)

Figure labels: Control Plane; OSPF: 10.0.0.0/8

Example: Using the FIB Table to Forward Packets


The figure shows a scenario in which IP packets are successfully forwarded by using the FIB 
table. 


Labeled packets, on the other hand, are not forwarded because of a lack of information in the 
LFIB table. Normal MPLS functionality prevents the forwarding from happening, because no 
adjacent router is going to use a label unless this router previously advertised the label. 


The example illustrates that label switching tries to use the LFIB table only if the incoming 
packet is labeled, even if the destination address is reachable by using the FIB table. 


Note: The LIB table holds all labels generated locally by a label switch router (LSR). The LFIB
table contains labels that are used to switch packets.

MPLS Unicast IP Routing

Example: Using LDP

The figure shows a router where OSPF is used to exchange IP routing information and LDP is
used to exchange labels.


An incoming IP packet is forwarded by using the FIB table, where a next-hop label dictates that 
the outgoing packet should be labeled with label 23. 


An incoming labeled packet is forwarded by using the LFIB table, where the incoming (locally 
significant) label 25 is swapped with the next-hop label 23. 
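
The FIB and LFIB decisions from the two examples above, as an added example that is not Cisco IOS code or part of the course material: an unlabeled packet is looked up in the FIB and may be labeled, while a labeled packet is looked up only in the LFIB and is dropped when its top label was never advertised by this router, even though the FIB could reach the destination. The LSR class, the router names B, C and D, and the labels 26, 40 and 99 are constructed; labels 25 and 23 and prefix 10.0.0.0/8 follow the text.

```python
import ipaddress

POP = "pop"  # LFIB action: remove the top label instead of swapping it


class LSR:
    """One label switch router with a FIB (for IP packets) and an LFIB (for labels)."""

    def __init__(self, name):
        self.name = name
        self.fib = {}   # ip_network -> (next_hop, outgoing label or None)
        self.lfib = {}  # locally advertised label -> (next_hop, outgoing label or POP)

    def add_route(self, prefix, next_hop, out_label=None):
        self.fib[ipaddress.ip_network(prefix)] = (next_hop, out_label)

    def add_label(self, local_label, next_hop, out_label):
        self.lfib[local_label] = (next_hop, out_label)

    def _fib_lookup(self, dst):
        """Longest-prefix match on the destination address."""
        addr = ipaddress.ip_address(dst)
        matches = [net for net in self.fib if addr in net]
        if not matches:
            return None
        return self.fib[max(matches, key=lambda net: net.prefixlen)]

    def forward(self, packet):
        """packet = {"dst": str, "labels": [top, ...]} -> (action, next_hop, packet)."""
        labels = list(packet["labels"])
        if labels:
            # Labeled packet: only the LFIB is consulted, keyed on the top label.
            entry = self.lfib.get(labels[0])
            if entry is None:
                return ("drop", None, packet)  # label this router never advertised
            next_hop, out = entry
            if out == POP:
                labels.pop(0)
                action = "pop"
            else:
                labels[0] = out                # labels below the top are untouched
                action = "swap"
            return (action, next_hop, {"dst": packet["dst"], "labels": labels})
        # Unlabeled packet: ordinary FIB lookup, with optional label imposition.
        entry = self._fib_lookup(packet["dst"])
        if entry is None:
            return ("drop", None, packet)
        next_hop, out = entry
        if out is None:
            return ("ip", next_hop, packet)
        return ("impose", next_hop, {"dst": packet["dst"], "labels": [out]})


def demo():
    """Run constructed packets through router B and return the decisions."""
    b = LSR("B")
    b.add_route("10.0.0.0/8", "C", out_label=23)  # FIB: prefix -> next-hop label 23
    b.add_label(25, "C", 23)                      # LFIB: local label 25 -> 23
    b.add_label(26, "D", POP)                     # LFIB: local label 26 -> pop
    packets = [
        {"dst": "10.1.1.1", "labels": []},        # IP in, labeled out
        {"dst": "10.1.1.1", "labels": [25]},      # swap 25 -> 23
        {"dst": "10.1.1.1", "labels": [99]},      # label 99 was never advertised
        {"dst": "10.1.1.1", "labels": [25, 40]},  # stack: only the top label changes
        {"dst": "10.1.1.1", "labels": [26]},      # pop, packet leaves as plain IP
    ]
    return [b.forward(p) for p in packets]


if __name__ == "__main__":
    for action, next_hop, pkt in demo():
        print(action, next_hop, pkt["labels"])
```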

What Are Label-Switched Paths?


This topic describes the function of label-switched paths (LSPs). 


LSP

* An LSP is a sequence of LSRs that forwards labeled
packets of a certain forwarding equivalence class.

* MPLS unicast IP forwarding builds LSPs based on
the output of IP routing protocols.

* LDP and TDP advertise labels only for individual
segments in the LSP.

* LSPs are unidirectional.

* Return traffic uses a different LSP (usually the
reverse path because most routing protocols provide
symmetrical routing).

* An LSP can take a different path from the one chosen
by an IP routing protocol (MPLS Traffic Engineering).

An LSP is a sequence of LSRs that forwards labeled packets for a particular FEC. Each LSR
swaps the top label in a packet traversing the LSP. An LSP is similar to Frame Relay or ATM
virtual circuits. In cell-mode MPLS, an LSP is a virtual circuit.


In MPLS unicast IP forwarding, the FECs are determined by destination networks found in the 
main routing table. Therefore, an LSP is created for each entry found in the main routing table. 
Border Gateway Protocol (BGP) entries are the only exceptions and are covered later in this 
course. 


An Interior Gateway Protocol (IGP) is used to populate the routing tables in all routers in an 
MPLS domain. LDP or TDP is used to propagate labels for these networks and build LSPs. 


LSPs are unidirectional. Each LSP is created over the shortest path, selected by the IGP, toward
the destination network. Packets in the opposite direction use a different LSP. The return LSP
usually runs over the same LSRs, except that the LSRs form the LSP in the opposite order.


MPLS Traffic Engineering (MPLS TE) can be used to change the default IGP shortest path 
selection. 

LSP Building

The IP routing protocol determines the path.

Example: IGP Propagates Routing Information


The figure illustrates how an IGP, such as OSPF, IS-IS, or EIGRP, propagates routing 
information to all routers in an MPLS domain. Each router determines its own shortest path. 


LDP or TDP, which propagate labels for those networks and routers, adds this information to 
the FIB and LFIB tables. 


In the example, an LSP is created for a particular network. This LSP starts on router A and 
follows the shortest path, determined by the IGP. 

LSP Building (Cont.)

LDP or TDP propagates labels to convert the path to an LSP.

Example: LFIB and LIB Tables


The figure shows the contents of LFIB and LIB tables. Frame-mode MPLS uses a liberal 
retention mode, which is evident from the contents of the LIB tables. Only those labels that 
come from the next-hop router are inserted into the LFIB table. 


Note: Notice that router G receives a pop label from final destination router I. The pop action
results in the removal of the label rather than swapping labels. This allows the regular IP
packet to be forwarded.

Propagating Labels Using PHP


This topic describes the function of PHP. 


PHP: Before 


MPLS Domain 


* Double lookup is not an optimal way
of forwarding labeled packets.

* A label can be removed one
hop earlier.

Example: PHP—Before

Figure labels: Double lookup is needed: 1. LFIB: Remove the label. 2. FIB: Forward the IP packet
based on IP next-hop address. (NH = Next Hop)

The figure illustrates how labels are propagated and used in a typical frame-mode MPLS
network. The check marks show which tables are used on individual routers. The egress router
in this example must do a lookup in the LFIB table to determine whether the label must be
removed and if a further lookup in the FIB table is required.

PHP removes the requirement for a double lookup to be performed on egress LSRs.




PHP: After 


[Figure: MPLS domain with network 10.0.0.0/8 and label L=17. The pop or implicit null label is 
advertised.] 


One single lookup: a label is removed on the router before the last hop within an MPLS domain. 


Example: PHP—After 


The figure illustrates how a predefined label pop, which corresponds to the pop action in the 
LFIB, is propagated on the first hop or the last hop, depending on the perspective. The term 
“pop” means to remove the top label in the MPLS label stack instead of swapping it with the 
next-hop label. The last router before the egress router therefore removes the top label. 


PHP slightly optimizes MPLS performance by eliminating one LFIB lookup. 
PHP 


* Penultimate hop popping optimizes MPLS performance (one less LFIB lookup). 
* PHP does not work on ATM. (VPI/VCI cannot be removed.) 
* The pop or implicit null label uses a reserved value when being advertised to a neighbor. 


PHP optimizes MPLS performance by reducing the number of table lookups on the egress 
router. 


PHP is not supported on ATM devices because a label is part of the ATM cell payload and 
cannot be removed by the ATM switching hardware. 


Note A pop label is encoded with a value of 1 for TDP and with a value of 3 for LDP. This label 
instructs upstream routers to remove the label instead of swapping it with label 1 or 3. What 
will be displayed in the LIB table of the router will be “imp-null” rather than the value of 1 or 3. 
What Is the Impact of IP Aggregation on Label-Switched Paths? 


This topic describes the impact that IP aggregation has on label-switched paths. 


Impact of IP Aggregation on Label-Switched Paths 


* IP aggregation breaks an LSP into two segments. 
* Router C is forwarding packets based on Layer 3 information. 


Example: MPLS IP Aggregation Problem 


The figure illustrates a potential problem in an MPLS domain. 


An IGP propagates the routing information for network 10.1.1.0/24 from router E to other 
routers in the network. Router C uses a summarization mechanism to stop the proliferation of 
all subnetworks of network 10.1.0.0/16. Only the summary network 10.1.0.0/16 is sent to 
routers B and A. 


LDP or TDP propagates labels concurrently with the IGP. The LSR that is the endpoint of an 
LSP always propagates the “pop” label. 


Router C has both networks in the routing table, as listed here: 

* 10.1.1.0/24 (the original network) 
* 10.1.0.0/16 (the summary) 


Router C, therefore, sends a label, 55 in the example, for network 10.1.1.0/24 to router B. 
Router C also sends a pop label for the new summary network 10.1.0.0/16 that originates on 
this router. Router B, however, can use the pop label only for the summary network 10.1.0.0/16: 
it has no routing information about the more specific network 10.1.1.0/24, because that 
information was suppressed on router C. 


The summarization results in two LSPs for destination network 10.1.1.0/24. The first LSP ends 
on router C, where a routing lookup is required to assign the packet to the second LSP. 


Impact of IP Aggregation on Label-Switched Paths (Cont.) 


* ATM LSRs must not aggregate because they cannot forward IP packets. 
* Aggregation should not be used where end-to-end LSPs are required (MPLS VPN). 


When cell-mode MPLS is used, ATM switches are IP-aware; ATM switches run an IP routing 
protocol, and LDP or TDP, and are generally seen as IP routers. In reality, however, ATM 
switches are capable of forwarding only cells, not IP packets. 


Aggregation (or summarization) should not be used on ATM LSRs. This is because 
aggregation breaks LSPs in two, which means that ATM switches would have to perform Layer 
3 lookups. 


Aggregation should also not be used where an end-to-end LSP is required. Typical examples of 
networks that require end-to-end LSPs are the following: 

* A transit BGP autonomous system (AS) where core routers are not running BGP 
* An MPLS VPN backbone 
* An MPLS-enabled ATM network 
* A network that uses MPLS TE 
Allocating Labels in a Frame-Mode MPLS Network 


This topic describes how labels are allocated and distributed in a frame-mode MPLS network. 


Label Allocation in a Frame-Mode MPLS Network 


Label allocation and distribution in a frame-mode MPLS network follows these steps: 

* IP routing protocols build the IP routing table. 
* Each LSR assigns a label to every destination in the IP routing table independently. 
* LSRs announce their assigned labels to all other LSRs. 
* Every LSR builds its LIB, LFIB, and FIB data structures based on received labels. 


Unicast IP routing and MPLS functionality can be divided into the following steps: 


* Routing information exchange using standard or vendor-specific IP routing protocols 
  (OSPF, IS-IS, EIGRP, and so on) 
* Generation of local labels (One locally unique label is assigned to each IP destination found 
  in the main routing table and stored in the LIB table.) 
* Propagation of local labels to adjacent routers, where these labels might be used as next-hop 
  labels (stored in the FIB and LFIB tables to enable label switching) 


The following data structures contain label information: 


* The LIB, in the control plane, is the database used by LDP where an IP prefix is assigned a 
  locally significant label that is mapped to a next-hop label that has been learned from a 
  downstream neighbor. 
* The LFIB, in the data plane, is the database used to forward labeled packets. Local labels, 
  previously advertised to upstream neighbors, are mapped to next-hop labels, previously 
  received from downstream neighbors. 
* The FIB, in the data plane, is the database used to forward unlabeled IP packets. A 
  forwarded packet is labeled if a next-hop label is available for a specific destination IP 
  network. Otherwise, a forwarded packet is not labeled. 
Label Allocation in a Frame-Mode MPLS Network: Building the IP Routing Table 


[Figure: routing tables for network X. Router A: next hop B. Router B: next hop C. Router C: 
next hop D. Router E: next hop C. FIB on A: network X, next hop B, no label.] 


* IP routing protocols are used to build IP routing tables on all LSRs. 
* FIBs are built based on IP routing tables with no labeling information. 


Example: Label Allocation 


The figure illustrates how all routers learn about network X via an IGP such as OSPF, IS-IS, or 
EIGRP. The FIB table on router A contains the entry for network X that is mapped to the IP 
next-hop address B. At this time, a next-hop label is not available, which means that all packets 
are forwarded in a traditional fashion (as unlabeled packets). 
Label Allocation in a Frame-Mode MPLS Network: Allocating Labels 


[Figure: routing table of B. Router B assigns label 25 to destination X.] 


* Every LSR allocates a label for every destination in the IP routing table. 
* Labels have local significance. 
* Label allocations are asynchronous. 


The figure shows how router B generates a locally significant and locally unique label 25 
assigned to IP network X. Router B generates this label regardless of other routers 
(asynchronous allocation of labels). 


Note Labels 0 to 15 are reserved. 
Label Allocation in a Frame-Mode MPLS Network: LIB and LFIB Setup 


[Figure: router B assigns label 25 to destination X. LIB on B: network X, LSR local, label 25. 
LFIB on B: label 25, action pop, next hop C. The outgoing action is pop because B has received 
no label for X from C.] 


LIB and LFIB structures have to be initialized on the LSR allocating the label. 


When a label is assigned to an IP prefix, it is stored in the following two tables: 


* The LIB table is used to maintain the mapping between the IP prefix (network X), the local 
  label (25), and the next-hop label (not available yet). 
* The LFIB table is modified to contain the local label mapped to the pop action (label 
  removal). The pop action is used until the next-hop label is received from the downstream 
  neighbor. 
Distributing and Advertising Labels 


This topic describes how MPLS labels are distributed and advertised within an MPLS network. 


Label Distribution and Advertisement 


[Figure: LIB on B with the label for network X.] 


The allocated label is advertised to all neighbor LSRs, regardless of whether the neighbors are 
upstream or downstream LSRs for the destination. 


Example: Label Distribution and Advertisement 


The figure illustrates the next step after a local label has been generated. Router B propagates 
this label, 25, to all adjacent neighbors where this label can be used as a next-hop label. 


Note Because router B cannot predict which routers might use it as the downstream neighbor, 
router B sends its local mappings to all LDP neighbors. 
Label Distribution and Advertisement: Receiving Label Advertisement 


[Figure: LIB tables on the routers that receive label 25 for network X from router B. FIB on A: 
network X, next hop B, label 25.] 


* Every LSR stores the received label in its LIB. 
* Edge LSRs that receive the label from their next hop also store the label information in the FIB. 


Upon receiving an LDP update, router A can fill in the missing piece in its LIB, LFIB, and FIB 
tables, as listed here: 


* Label 25 is stored in the LIB table as the label for network X received from LSR B. 
* Label 25 is attached to the IP forwarding entry in the FIB table to enable the MPLS edge 
  functionality (incoming IP packets are forwarded as labeled packets). 
* The local label in the LFIB table is mapped to outgoing label 25 instead of the pop action 
  (incoming labeled packets can be forwarded as labeled packets). 
Label Distribution and Advertisement: Interim Packet Propagation 


[Figure callouts: IP lookup is performed in the FIB; packet is labeled. Label lookup is performed 
in the LFIB; label is switched.] 


Forwarded IP packets are labeled only on the path segments where the labels have already been 
assigned. 


Example: Interim Packet Propagation Through an MPLS Network 


The figure shows how an unlabeled IP packet is forwarded based on the information found in 
the FIB table on router A. Label 25, found in the FIB table, is used to label the packet. 


Router B must remove the label because LSR B has not yet received any next-hop label (the 
action in the LFIB is “pop”). 


Router A performs an IP lookup (CEF switching), whereas router B performs a label lookup 
(label switching) in which the label is removed and a normal IP packet is sent out of router B. 
Label Distribution and Advertisement: Further Label Allocation 


[Figure: LIB on C for network X. LFIB on C: label 47, action pop, next hop D.] 


Every LSR will eventually assign a label for every destination. 


Because all routers in an MPLS domain asynchronously do the same as routers A and B, an 
LSP tunnel is generated, spanning from router A to router D. 


Example: LDP Update Sent to All Adjacent Routers 


The figure illustrates how an LDP update, advertising label 47 for network X, from router C is 
sent to all adjacent routers, including router B. 
Label Distribution and Advertisement: Receiving Label Advertisement 


[Figure: LIB on B, LIB on E, and FIB on B. FIB on B: network X, next hop C, label 47.] 


* Every LSR stores received information in its LIB. 
* LSRs that receive their label from their next-hop LSR will also populate the IP forwarding table. 


Router B can now map the entry for network X in its FIB, and the local label 25 in its LFIB, to 
the next-hop label 47 received from the downstream neighbor router C. 
Populating LFIB 


This topic describes how the LFIB table is populated in an MPLS network. 


Populating LFIB 


[Figure: FIB, LIB, and LFIB on B for network X. LFIB on B: label 25, action 47, next hop C.] 


* Router B has already assigned a label to network X and created an entry in the LFIB. 
* The outgoing label is inserted in the LFIB after the label is received from the next-hop LSR. 


Example: Populating LFIB 


After router C advertises label 47 to adjacent routers, the LSP tunnel for network X has two 
hops. The steps are as follows: 

* On router A, network X is mapped to the next-hop label 25 (router B). 
* On router B, label 25 is mapped to the next-hop label 47 (router C). 
* Router C still has no next-hop label. Label 47 is therefore mapped to the pop action. 


Note In the figure, label distribution is from right to left, and packet forwarding is from left to right. 
Propagating Packets Across an MPLS Network 


This topic describes how IP packets cross an MPLS network. 


Packet Propagation Across an MPLS Network 


[Figure: FIB on A: network X, next hop B, label 25. Callouts: IP lookup is performed in the FIB; 
packet is labeled. Label lookup is performed in the LFIB; label is removed.] 


Example: Packet Propagation Through an MPLS Network 


The figure illustrates how IP packets are propagated across an MPLS domain. The steps are as 
follows: 


Step 1 Router A labels a packet destined for network X by using the next-hop label 25 
(CEF switching by using the FIB table). 


Step 2 Router B swaps label 25 with label 47 and forwards the packet to router C (label 
switching by using the LFIB table). 


Step 3 Router C removes the label and forwards the packet to router D (label switching by 
using the LFIB table). 
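

The allocation, advertisement, and forwarding steps described in the preceding topics can be replayed in a small model. This is an added example, not code from the course: the class and function names are hypothetical, label 31 for router A is a constructed value, and router D is treated as a plain IP next hop outside the model.

```python
"""Model of frame-mode label allocation and distribution for one prefix (network X).

Topology A - B - C - D as in the course text; B allocates 25 and C allocates 47.
A's label 31 is a constructed value. D is treated as a plain IP next hop.
"""

POP = "pop"  # LFIB action used while no next-hop label has been received


class LSR:
    def __init__(self, name, next_hop, local_label):
        self.name = name
        self.next_hop = next_hop            # IGP next hop toward network X
        self.local_label = local_label      # locally significant label for X
        self.neighbors = []                 # LDP neighbors
        self.lib = {"local": local_label}   # LIB: local binding plus every received one
        self.fib = {"next_hop": next_hop, "label": None}   # no label yet: plain IP
        self.lfib = {local_label: (POP, next_hop)}         # pop until a label arrives

    def advertise(self):
        """Announce the local binding to all neighbors, upstream and downstream."""
        for neighbor in self.neighbors:
            neighbor.receive(self.name, self.local_label)

    def receive(self, sender, label):
        self.lib[sender] = label            # liberal retention: always stored in the LIB
        if sender == self.next_hop:         # only the next hop's label reaches FIB/LFIB
            self.fib["label"] = label
            self.lfib[self.local_label] = (label, sender)


def build_domain():
    a, b, c = LSR("A", "B", 31), LSR("B", "C", 25), LSR("C", "D", 47)
    a.neighbors, b.neighbors, c.neighbors = [b], [a, c], [b]
    return {"A": a, "B": b, "C": c}


def forward(domain, ingress="A"):
    """Send one packet for X; return (router, table used, action, label sent) per hop."""
    trace, node, label = [], domain[ingress], None
    while node is not None:
        if label is None:                   # unlabeled packet: FIB (CEF) lookup
            label = node.fib["label"]
            trace.append((node.name, "FIB", "push" if label else "ip", label))
            next_hop = node.fib["next_hop"]
        else:                               # labeled packet: LFIB lookup
            out, next_hop = node.lfib[label]
            label = None if out == POP else out
            trace.append((node.name, "LFIB", "swap" if label else POP, label))
        node = domain.get(next_hop)         # D is outside the model: stop there
    return trace


if __name__ == "__main__":
    domain = build_domain()
    domain["B"].advertise()                 # interim state: only B has advertised
    print(forward(domain))
    domain["C"].advertise()
    domain["A"].advertise()
    print(forward(domain))
    print(domain["B"].lib, domain["B"].lfib)
```

In the interim state router B pops label 25 and router C forwards by IP lookup; once C has advertised 47, the trace matches Steps 1 to 3 above. Router B's LIB also keeps A's binding, which never reaches its LFIB because A is not the next hop.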
Detecting Frame-Mode Loops 


This topic describes how frame-mode loops are detected. 


Loop Detection 


* LDP relies on loop detection mechanisms built into IGPs that are used to determine the path. 
* If, however, a loop is generated (that is, misconfiguration with static routes), the TTL field in 
  the label header is used to prevent indefinite looping of packets. 
* TTL functionality in the label header is equivalent to TTL in the IP headers. 
* TTL is usually copied from the IP headers to the label headers (TTL propagation). 


Loop detection in an MPLS-enabled network relies on more than one mechanism. 


Most routing loops are prevented by the IGP used in the network. MPLS for unicast IP 
forwarding simply uses the shortest paths determined by the IGP. These paths are typically 
loop-free. 


If, however, a routing loop does occur (for example, because of misconfigured static routes), 
MPLS labels also contain a time-to-live (TTL) field that prevents packets from looping 
indefinitely. 


The TTL functionality in MPLS is equivalent to that of traditional IP forwarding. Furthermore, 
when an IP packet is labeled, the TTL value from the IP header is copied into the TTL field in 
the label. This is called TTL propagation. 
Normal TTL Operation 


[Figure: MPLS domain. Callouts: TTL is decreased and copied into the label header. Only the TTL 
in the top-of-stack entry is modified. The TTL is decreased and copied back into the TTL field of 
the IP header.] 


* Cisco routers have TTL propagation enabled by default. 
* On ingress: TTL is copied from IP header to label header. 
* On egress: TTL is copied from label header to IP header. 


Example: Normal TTL Operation 


The figure illustrates how the TTL value 5 in the IP header is decreased and copied into the 
TTL field of the label when a packet enters an MPLS domain. 


All other LSRs decrease the TTL field only in the label. The original TTL field is not changed 
until the last label is removed when the label TTL is copied back into the IP TTL. 


TTL propagation provides a transparent extension of IP TTL functionality into an MPLS-enabled 
network. 
TTL and Loop Detection 


[Figure: a routing loop inside the MPLS domain, showing the label TTL and the IP TTL of the 
looping packet.] 


Labeled packets are dropped when the TTL is decreased to 0. 


Example: TTL and Loop Detection 


The figure illustrates a routing loop between routers B and C. The packet looping between 
these two routers is eventually dropped because the value of its TTL field reaches 0. 
Disabling TTL Propagation 


* TTL propagation can be disabled. 
* The IP TTL value is not copied into the TTL field of the label, and the label TTL is not copied 
  back into the IP TTL. 
* Instead, the value 255 is assigned to the label header TTL field on the ingress LSR. 
* Disabling TTL propagation hides core routers in the MPLS domain. 
* Traceroute across an MPLS domain does not show any core routers. 


TTL propagation can be disabled to hide the core routers from the end users. Disabling TTL 
propagation causes routers to set the value 255 into the TTL field of the label when an IP 
packet is labeled. 


The network is still protected against indefinite loops, but it is unlikely that the core routers will 
ever have to send an Internet Control Message Protocol (ICMP) reply to user-originated 
traceroute packets. 
Traceroute with Disabled TTL Propagation 


[Figure: traceroute 10.1.1.1 across the MPLS domain.] 


* The first traceroute packet (ICMP or UDP) that reaches the network is dropped on router A. 
* An ICMP time-to-live exceeded message is sent to the source from router A. 


Example: Traceroute with Disabled TTL Propagation 


These figures illustrate the result of a traceroute across an MPLS network that does not use 
TTL propagation. 


The first traceroute packet—ICMP or User Datagram Protocol (UDP)—that reaches the MPLS 
network is dropped on the first router (A), and an ICMP reply is sent to the source. This action 
results in an identification of router A by the traceroute application. 




Traceroute with Disabled TTL Propagation (Cont.) 


[Figure: traceroute 10.1.1.1 across the MPLS domain.] 


* The second traceroute packet that reaches the network is dropped on router D. 
* An ICMP time-to-live exceeded message is sent to the source from router D. 


The traceroute application increases the initial TTL for every packet that it sends. The second 
packet, therefore, would be able to reach one hop farther (router B in the example). However, 
the TTL value is not copied into the TTL field of the label. Instead, router A sets the TTL field 
of the label to 255. Router B decreases the TTL of the label, and router C removes the label 
without copying it back into the IP TTL. Router D then decreases the original IP TTL, drops 
the packet because the TTL has reached zero, and sends an ICMP reply to the source. 


The traceroute application has identified router D. The next packets would simply pass through 
the network. 


The final result is that a traceroute application was able to identify the edge LSRs, but not the 
core LSRs. 
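

The TTL handling walked through above can be checked with a short model of the path A, B, C, D. This is an added example, not code from the course: the function names and the two flags are hypothetical, and each router follows only the copy and decrement rules stated in the text (ingress on A, label pop on C, plain IP forwarding on D).

```python
"""Which hop answers each traceroute probe, with and without TTL propagation."""


def send_probe(ip_ttl, ingress_propagates=True, egress_copies_back=True):
    """Return the router that sends the ICMP time-exceeded reply, or 'destination'."""
    # Router A, ingress LSR: IP lookup, decrement the IP TTL, then label the packet.
    ip_ttl -= 1
    if ip_ttl == 0:
        return "A"
    label_ttl = ip_ttl if ingress_propagates else 255

    # Router B, core LSR: only the TTL in the label is decreased.
    label_ttl -= 1
    if label_ttl == 0:
        return "B"

    # Router C: decreases the label TTL and removes the label.
    label_ttl -= 1
    if label_ttl == 0:
        return "C"
    if egress_copies_back:
        ip_ttl = label_ttl          # label TTL copied back into the IP header

    # Router D: receives a plain IP packet and decreases the IP TTL.
    ip_ttl -= 1
    if ip_ttl == 0:
        return "D"
    return "destination"


def traceroute(max_ttl=8, **flags):
    """Send probes with TTL 1, 2, 3, ... and list the hop that answers each one."""
    hops = []
    for ttl in range(1, max_ttl + 1):
        hop = send_probe(ttl, **flags)
        hops.append(hop)
        if hop == "destination":
            break
    return hops


if __name__ == "__main__":
    print("propagation enabled :", traceroute())
    print("propagation disabled:", traceroute(ingress_propagates=False,
                                              egress_copies_back=False))
    # Mixed configuration: A copies the TTL into the label, C does not copy it back.
    print("mixed configuration :", traceroute(ingress_propagates=True,
                                              egress_copies_back=False))
```

With propagation disabled on both routers only A and D answer, as in the text. In the mixed case of this model router D never answers and the destination appears one hop early, which is the kind of faulty traceroute output a partial change produces.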
Impact of Disabling TTL Propagation 


* Traceroute across an MPLS domain does not show core routers. 
* TTL propagation has to be disabled on all label switch routers. 
* Mixed configurations (some LSRs with TTL propagation enabled and some with TTL propagation 
  disabled) could result in faulty traceroute output. 
* TTL propagation can be enabled for forwarded traffic only—traceroute from LSRs does not use 
  the initial TTL value of 255. 


Cisco routers have TTL propagation enabled by default. 


If TTL propagation is disabled, it must be disabled on all routers in an MPLS domain to 
prevent unexpected behavior. 


TTL propagation can optionally be disabled for forwarded traffic only, which allows 
administrators to use traceroute from routers to troubleshoot problems in the network. 
Allocating Per-Platform Labels 


This topic describes the approaches for assigning labels to networks. 


Per-Platform Label Allocation 


[Figure: LFIB on B with the columns Label, Action, and Next Hop.] 


* An LFIB on a router usually does not contain an incoming interface. 
* The same label can be used on any interface (per-platform label allocation). 
* LSR announces a label to an adjacent LSR only once, even if there are parallel links between 
  them. 


Here are the two possible approaches for assigning labels to networks: 


* Per-platform label allocation: One label is assigned to a destination network and 
  announced to all neighbors. The label must be locally unique and valid on all incoming 
  interfaces. This is the default operation in frame-mode MPLS. 
* Per-interface label allocation: Local labels are assigned to IP destination prefixes on a 
  per-interface basis. These labels must be unique on a per-interface basis. 


Example: Per-Platform Label Allocation 


The figure illustrates how one label (25) is assigned to a network and used on all interfaces. 
The same label is propagated to both routers A and C. 


The figure also shows how one label is sent across one LDP session between routers A and B 
even though there are two parallel links between the two routers. 
Per-Platform Label Allocation: Benefits and Drawbacks of Per-Platform Label Allocation 


[Figure: LFIB on B for network X. The label for X is announced only to A. A third-party router 
can still send packets toward network X, even though the label was not announced to it.] 


Benefits: 

* Smaller LFIB 
* Faster label exchange 


Drawback: 

* Insecure: Any neighbor LSR can send packets with any label in the LFIB. 


A potential drawback of per-platform label allocation is illustrated in the figure, which shows 
how an adjacent router can send a labeled packet with a label that has not been previously 
advertised to this router (label spoofing). If label switching has not been enabled on that 
interface, the packet will be discarded. If label switching has been enabled on this interface, the 
packet would be forwarded, causing a possible security issue. 


On the other hand, per-platform label allocation results in smaller LIB and LFIB tables and a 
faster exchange of labels. 
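

The acceptance rule described above, and how it differs from a per-interface label space, can be written as a decision function plus an audit over an interface inventory. This is an added example, not code from the course: the interface names, the inventory layout, and both function names are hypothetical; label 25 for network X and next-hop label 47 are the values used in the text.

```python
"""Per-platform versus per-interface label acceptance on one LSR (router B)."""

# Per-platform LFIB: keyed by label only, with no incoming interface.
LFIB = {25: {"out_label": 47, "next_hop": "C"}}

# Constructed interface inventory for router B.
INTERFACES = {
    "to-A":        {"mpls": True,  "advertised": {25}},   # LDP neighbor A was sent label 25
    "to-thirdpty": {"mpls": True,  "advertised": set()},  # label switching on, nothing announced
    "to-customer": {"mpls": False, "advertised": set()},  # plain IP interface
}


def handle_labeled_packet(in_if, label, per_interface=False):
    """Return 'forward' or 'discard' for a labeled packet arriving on in_if."""
    iface = INTERFACES[in_if]
    if not iface["mpls"]:
        return "discard"        # label switching is not enabled on this interface
    if per_interface:
        # Per-interface label space: the label must belong to this interface.
        return "forward" if label in iface["advertised"] else "discard"
    # Per-platform: a label in the LFIB is valid on every label-switching interface.
    return "forward" if label in LFIB else "discard"


def exposed_interfaces():
    """Interfaces on which a label that was never announced there is still switched."""
    exposed = []
    for name, iface in INTERFACES.items():
        unannounced = [label for label in LFIB if label not in iface["advertised"]]
        if any(handle_labeled_packet(name, label) == "forward" for label in unannounced):
            exposed.append(name)
    return sorted(exposed)


if __name__ == "__main__":
    for name in INTERFACES:
        print(name, handle_labeled_packet(name, 25),
              handle_labeled_packet(name, 25, per_interface=True))
    print("review:", exposed_interfaces())
```

The audit result is the list of interfaces to review: label switching is enabled there although no binding was announced, so the discard condition described above does not apply to them.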
Summary 


This topic summarizes the key points discussed in this lesson. 


Summary 


* Labels are propagated across a network either by extending the functionality of existing 
  routing protocols or by creating a new protocol that is dedicated to exchanging labels. 
* An LSP is a sequence of LSRs that forward labeled packets of a certain forwarding equivalence 
  class. 
* Penultimate hop popping optimizes MPLS performance (one less LFIB lookup). 
* IP aggregation can break an LSP into two segments. 
* Every LSR assigns a label for every destination in the IP routing table. 


Summary (Cont.) 


* Although labels are locally significant, they have to be advertised to directly reachable peers. 
* Outgoing labels are inserted in the LFIB after the label is received from the next-hop LSR. 
* Packets are forwarded using labels from the LFIB table rather than the IP routing table. 
* If TTL propagation is disabled, traceroute across an MPLS domain does not show core routers. 
* LSR announces a label to an adjacent LSR only once, even if there are parallel links between 
  them. 


Lesson 2 


Introducing Convergence in Frame-Mode MPLS 


Overview 


This lesson presents LDP convergence issues and describes how routing protocols and MPLS 
convergence interact. This lesson concludes with a look at link failure, convergence after a link 
failure, and link recovery. 


It is important to understand the convergence times for LDP. It also is important to understand 
how routing protocols interact with MPLS. This information will ensure a clear understanding 
of how the various routing tables are built and refreshed during and after a link failure and how 
recovery in an MPLS network takes place. 


Objectives 


Upon completing this lesson, you will be able to describe how convergence occurs in a 
frame-mode MPLS network. This ability includes being able to meet these objectives: 


* Describe the MPLS steady-state environment 
* Describe what happens in the routing tables when a link failure occurs 
* Describe routing protocol convergence after a link failure 
* Describe frame-mode MPLS convergence after a link failure 
* Describe IP and MPLS convergence after a link failure has been resolved 
What Is the MPLS Steady-State Operation? 


This topic describes an MPLS network steady-state operation. 


Steady-State Operation Description 


[Figure: routing table, FIB, LIB, and LFIB on B for network X in the steady state; next hop C.] 


After the LSRs have exchanged the labels, LIB, LFIB, and FIB data structures are completely 
populated. 


MPLS is fully functional when the IGP and LDP (or TDP) have populated all the tables, as 
listed here: 


* Main IP routing table 
* LIB table 
* FIB table 
* LFIB table 


Although it takes longer for LDP to exchange labels (compared with IGP), a network can use 
the FIB table in the meantime, so there is no routing downtime while LDP exchanges labels 
between adjacent LSRs. 
What Happens in a Link Failure? 


This topic describes what happens in the routing tables when a link failure occurs. 


Link Failure Actions 


[Figure: routing table and FIB on B for network X after the link failure.] 


* Routing protocol neighbors and LDP neighbors are lost after a link failure. 
* Entries are removed from various data structures. 


Example: Link Failure Actions 


The figure illustrates how a link failure is handled in an MPLS domain. The steps are as 
follows: 


* The overall convergence fully depends on the convergence of the IGP used in the MPLS 
  domain. 
* When router B determines that router E should be used to reach network X, the label 
  learned from router E can be used to label-switch packets. 


LDP stores all labels in the LIB table, even if the labels are not used, because the IGP has 
decided to use another path. 


This label storage is shown in the figure, where two next-hop labels were available in the LIB 
table on router B. The label status of router B just before MPLS label convergence is as 
follows: 


* Label 47 was learned from router C and is currently unavailable; therefore, because of the 
  failure, label 47 has to be removed from the LIB table. 
* Label 75 was learned from router E and can now be used at the moment that the IGP 
  decides that router E is the next hop for network X. 
What Is the Routing Protocol Convergence After a Link Failure? 


This topic describes the routing protocol convergence that occurs in an MPLS network after a 
link failure. 


Routing Protocol Convergence 


[Figure: routing table, FIB, and LIB on B for network X during routing protocol convergence.] 


Routing protocols rebuild the IP routing table and the IP forwarding table. 


Example: Routing Protocol Convergence 


The figure illustrates how two entries are removed, one from the LIB table and one from the 
LFIB table, when the link between routers B and C fails. This can be described as follows: 


* Router B has already removed the entry from the FIB table, once the IGP determined that 
  the next hop was no longer reachable. 
* Router B has also removed the entry from the LIB table and the LFIB table given that the 
  LDP has determined that router C is no longer reachable. 
What Is the MPLS Convergence After a Link Failure? 


This topic describes MPLS convergence that occurs in an MPLS network after a link failure. 


MPLS Convergence 


[Figure: routing table, FIB, LIB, and LFIB on B for network X. LIB on B: network X, LSR local, 
label 25.] 


The LFIB and labeling information in the FIB are rebuilt immediately after the routing protocol 
convergence, based on labels stored in the LIB. 


After the IGP determines that there is another path available, a new entry is created in the FIB 
table. 


This new entry points toward router E, and there is already a label available for network X via 
router E. 


This information is then used in the FIB table and the LFIB table to reroute the LSP tunnel via 
router E. 
MPLS Convergence After a Link Failure 


* MPLS convergence in frame-mode MPLS does not 
affect the overall convergence time. 


* MPLS convergence occurs immediately after the 
routing protocol convergence, based on labels 
already stored in the LIB. 
The overall convergence in an MPLS network is not affected by LDP convergence when there 
is a link failure. 


Frame-mode MPLS uses liberal label retention mode, which enables routers to store all 
received labels, even if the labels are not being used. 


These labels can be used, after the network convergence, to enable immediate establishment of 
an alternative LSP tunnel. 
What Happens in Link Recovery? 


This topic describes IP and MPLS convergence after a failure has been resolved. 


Link Recovery Actions 


[Figure: routing table, FIB, LIB, and LFIB on router B; the LIB holds local label 25 for network X] 


Routing protocol neighbors are discovered after link recovery. 
Example: Link Recovery Actions 


The figure illustrates the state of the routing tables at the time the link between routers B and C 
becomes available again. 
Link Recovery Actions: IP Routing Convergence 


[Figure: routing table, FIB, and LFIB on router B; the LFIB entry for network X is label 25, action pop, next hop C] 


* IP routing protocols rebuild the IP routing table. 


* The FIB and the LFIB are also rebuilt, but the label information might be lacking. 
The IGP determines that the link is available again and changes the next-hop address for 
network X to point to router C. However, when router B also tries to set the next-hop label for 
network X, it has to wait for the LDP session between routers B and C to be reestablished. 


A pop action is used in the LFIB on router B while the LDP establishes the session between 
routers B and C. This process adds to the overall convergence time in an MPLS domain. The 
downtime for network X is not influenced by LDP convergence because normal IP forwarding 
is used until the new next-hop label is available. 


Note: Although this behavior has no significant effect on traditional IP routing, it can significantly 
influence MPLS VPN networks. This is because the VPN traffic cannot be forwarded before 
the LDP session is fully operational. 
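
The failure and recovery sequence described in the preceding topics, as an added Python model (not part of the course material or of any Cisco software). Routers B, C and E and labels 25, 47 and 75 come from the figures; the class and function names are hypothetical, and the model assumes router C advertises label 47 again after recovery.

```python
"""Model of router B's LIB/LFIB through a link failure and recovery.

Constructed illustration: class and method names are hypothetical.
Labels 25, 47 and 75 and routers B, C and E come from the figures.
"""


class FrameModeLSR:
    def __init__(self, local_labels):
        self.local = dict(local_labels)  # prefix -> local label
        self.next_hop = {}               # prefix -> next hop chosen by the IGP
        self.lib = {}                    # prefix -> {neighbor: label}

    def ldp_session_up(self, neighbor, bindings):
        # Liberal retention: store every received label, used or not.
        for prefix, label in bindings.items():
            self.lib.setdefault(prefix, {})[neighbor] = label

    def ldp_session_down(self, neighbor):
        # Labels learned from an unreachable neighbor leave the LIB.
        for bindings in self.lib.values():
            bindings.pop(neighbor, None)

    def igp_route(self, prefix, next_hop):
        if next_hop is None:
            self.next_hop.pop(prefix, None)
        else:
            self.next_hop[prefix] = next_hop

    def lfib_entry(self, prefix):
        """Return (local label, action, next hop), or None with no route."""
        hop = self.next_hop.get(prefix)
        if hop is None:
            return None
        out = self.lib.get(prefix, {}).get(hop)
        # No label from the current next hop yet: pop and forward as IP.
        return (self.local[prefix], "pop" if out is None else out, hop)


def failure_and_recovery():
    b = FrameModeLSR({"X": 25})
    b.ldp_session_up("C", {"X": 47})
    b.ldp_session_up("E", {"X": 75})
    b.igp_route("X", "C")
    steps = [("steady state", b.lfib_entry("X"))]

    b.igp_route("X", None)            # IGP: next hop C unreachable
    b.ldp_session_down("C")           # LDP: label 47 removed from the LIB
    steps.append(("link B-C failed", b.lfib_entry("X")))

    b.igp_route("X", "E")             # IGP converges; label 75 is already stored
    steps.append(("IGP converged on E", b.lfib_entry("X")))

    b.igp_route("X", "C")             # link is back, IGP prefers C again
    steps.append(("link up, LDP session pending", b.lfib_entry("X")))

    b.ldp_session_up("C", {"X": 47})  # assumption: C advertises 47 again
    steps.append(("LDP session re-established", b.lfib_entry("X")))
    return steps


def unlabeled_steps(steps):
    """Steps where a route exists but traffic leaves without a label."""
    return [name for name, entry in steps if entry and entry[1] == "pop"]


if __name__ == "__main__":
    for name, entry in failure_and_recovery():
        print(f"{name:32} {entry}")
    print("unlabeled:", unlabeled_steps(failure_and_recovery()))
```

The step reported by `unlabeled_steps` is the window in which plain IP traffic still flows but MPLS VPN traffic cannot be forwarded.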
Link Recovery Actions: MPLS Convergence 


* Routing protocol convergence optimizes the 
forwarding path after a link recovery. 


* The LIB might not contain the label from the new 
next hop by the time the IGP convergence is 
complete. 


* End-to-end MPLS connectivity might be 
intermittently broken after link recovery. 


* Use MPLS Traffic Engineering for make-before-break 
recovery. 
Link recovery requires that an LDP session be established (reestablished), which adds to the 
convergence time of LDP. 


Networks may be temporarily unreachable because of the convergence limitations of routing 
protocols. 


MPLS TE can be used to prevent longer downtime when a link fails or is recovering. 
Summary 


This topic summarizes the key points discussed in this lesson. 


Summary 


* MPLS is fully functional when LIB, LFIB, and FIB 
tables are populated. 


* Overall network convergence is dependent upon 
the IGP. 


* Upon a link failure, entries are removed from 
several routing tables. 


* MPLS convergence in a frame-mode network does 
not affect overall convergence time. 


* MPLS data structures may not contain updated 
data by the time the IGP convergence is complete. 
Lesson 3 


Introducing Typical Label Distribution Over LC-ATM Interfaces and VC Merge 


Overview 


This lesson describes how tables are built and how labels are processed in cell-mode MPLS 
networks. The lesson also introduces a concept called virtual circuit merge (VC merge). It is 
important to understand the differences between label distribution in frame-mode MPLS 
networks and cell-mode MPLS networks. This lesson explores some of the key differences 
when a cell-mode network is deployed. 


Objectives 


Upon completing this lesson, you will be able to describe typical label distribution over label 
controlled-ATM (LC-ATM) interfaces and VC merge. This ability includes being able to meet 
these objectives: 


* Identify issues that can arise in cell-mode MPLS network deployments 

* Describe how the IP routing table is populated in a cell-mode MPLS network 

* Describe how the IP forwarding table is populated in a cell-mode MPLS network 

* Describe how labels are requested in cell-mode MPLS networks 

* Describe how labels are allocated in cell-mode MPLS networks 

* Identify the issues that can occur with the interleaving of cells in cell-mode MPLS 
networks 

* Describe the characteristics of VC merge 

* Describe how loop detection is managed in cell-mode MPLS networks 

* Describe the characteristics of per-interface label allocation 
What Are Cell-Mode MPLS Network Issues? 


This topic describes the issues that can arise in cell-mode MPLS network deployments. 


Cell-Mode MPLS Network Issues 


* An MPLS label is encoded as the VPI/VCI value in 
cell-mode MPLS networks. 


* Each VPI/VCI combination represents a virtual 
circuit in ATM. 


* The number of virtual circuits supported by router 
and switch hardware is severely limited. 


* Conclusion: Labels in cell-mode MPLS are a 
scarce resource. 


Cell-mode MPLS is significantly different from frame-mode MPLS because of some 
ATM-specific requirements. Some of the differences are as follows: 


* ATM uses cells, not frames. A single packet may be encapsulated into multiple cells. Cells 
are a fixed length, which means that normal labels cannot be used because they would 
increase the size of a cell. The virtual path identifier/virtual channel identifier (VPI/VCI) 
field in the ATM header is used as the MPLS label. An LSP tunnel is therefore called a 
virtual circuit in ATM terminology. 


* ATM switches and routers usually have a limited number of virtual circuits that they can 
use. MPLS establishes a full mesh of LSP tunnels (virtual circuits), which can result in an 
extremely large number of tunnels. 


Additional mechanisms must be used because of the limitations of ATM hardware. 
Building the IP Routing Table 


This topic describes how the IP routing table is populated in cell-mode MPLS networks. 


Building the IP Routing Table 


[Figure: routing tables of A, B, C, D, and E for network X; router B uses next hop C] 


* IP routing protocols are used to build IP routing tables on 
all LSRs. 


* The routing tables are built as if the ATM switches were 
regular routers. 
Example: Building the IP Routing Table 


The figure shows how IP- and MPLS-aware ATM switches exchange IP routing information 
with routers. 


On the control plane, each ATM switch acts as an IP router, and the routing tables are built as if 
the ATM switches were routers. 


Because the ATM switch acts as an IP router, it is seen as an extra IP hop in the network. 
Building the IP Forwarding Table 


This topic describes how the IP forwarding table is populated in cell-mode MPLS networks. 


Building the IP Forwarding Table 


[Figure: routing tables of A, B, C, D, and E for network X; router B uses next hop C] 


* Unlabeled IP packets cannot be propagated across LC-ATM 
interfaces. 


* Forwarding tables are not built until the labels are assigned 
to destinations in IP routing tables. 
Because ATM switches cannot forward IP packets, labels cannot be asynchronously assigned 
and distributed. 


Instead, the router initiates an ordered sequence of requests on the upstream side of the ATM 
network. 


The forwarding table is not populated until the request is answered with a label and that 
label is assigned to the destination in the IP routing table. 
Requesting a Label 


This topic describes how labels are requested in cell-mode MPLS networks. 


Requesting a Label 


Routing tables for network X: 

LSR | Next Hop 
A | C 
C | D 
D | E 
E | conn 


An ATM switch can allocate an incoming label only if it already has a corresponding 
outgoing label. A switch requests a label from its next hop. 


* Labels have to be explicitly requested over LC-ATM 
interfaces. 


* A router requests a label for every destination in the routing 
table with the next hop reachable over an LC-ATM interface. 


Example: Requesting a Label 


In the figure, a request is sent from router A to the ATM switch C. Because the ATM switch 
cannot perform IP lookups, the switch is not allowed to reply with the local label unless it 
already has the next-hop label. If switch C does not have the next-hop label, switch C must 
forward the request to the next downstream neighbor, ATM switch D. 


If switch D does not have the next-hop label, switch D must forward the request to the next 
downstream neighbor. 


When the request reaches router E, a reply can be sent because the cell-mode part of the 
network ends on router E (which, therefore, acts as an ATM edge LSR). 
Allocating a Label 


This topic describes how labels are allocated in cell-mode MPLS networks. 


Allocating a Label 


Routing tables for network X: 

LSR | Next Hop 
A | C 
C | D 
D | E 
E | conn 

LFIB on C 
Label | Action | Next Hop 
1/56 | 2/82 | D 

LFIB on D 
Label | Action | Next Hop 
2/82 | 1/37 | E 

LIB on E 
Network | LSR | Label 
X | local | 1/37 

LFIB on E 
Label | Action | Next Hop 
1/37 | pop | 


The LFIB is actually the ATM switching matrix. 


The egress ATM edge LSR allocates a label and replies to the request. 


An ATM LSR replies to an incoming label request after receiving an outgoing label. It replies 
with the allocated label to the incoming request. 


Example: Allocating a Label 


In the figure, router E replies with its local label 1/37. The ATM switch D can now generate 
and use its local label 2/82. Switch C receives the next-hop label from switch D and forwards 
its own local label 1/56 to router A. 
As seen in the figure, an ordered sequence of downstream requests is followed by an ordered 
sequence of upstream replies. This type of operation is called downstream-on-demand 
allocation of labels. 
Allocating a Label (Cont.) 


LIB on A 
Network | LSR | Label 
X | C | 1/56 


The ingress ATM edge LSR requesting a label inserts the received label in its LIB, FIB, and LFIB. 
The processing of LDP replies on router A (also an ATM edge LSR) is similar to processing in 
frame-mode MPLS; the received label is stored in the LIB, FIB, and LFIB tables. 
Allocating a Label: Allocation Requests—Additional LSRs 


[Figure: routing tables of A, B, C, D, and E for network X; the LFIB on C maps label 1/56 to action 2/82 with next hop D, and C allocates local label 1/43 for router B] 


Each upstream LSR will request from an ATM LSR a label for downstream destinations. 


The ATM LSR could reuse an already allocated downstream label for the second upstream label. 
Example: Additional LSRs 


The figure shows how another router, router B, requests a label for the same destination that 
router A has previously requested. The ATM switch C already has a next-hop label for network 
X and, therefore, can immediately reply to router B. 


The figure also shows that the switch used a different local label, 1/43, from the label sent to 
router A, 1/56. This is because ATM switches use per-interface VPI/VCI values and can now 
also use per-interface label space. 
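
The request and reply sequence from the Requesting a Label and Allocating a Label topics, as an added Python model (not from the course material or Cisco software). Labels 1/37, 2/82, 1/56 and 1/43 are from the figures; labels 1/38 and 2/83 and all class and function names are constructed for the example.

```python
"""Downstream-on-demand label allocation with ordered control (constructed model).

Names are hypothetical. Labels 1/37, 2/82, 1/56 and 1/43 are from the figures;
1/38 and 2/83 are constructed values for the case where no label is reused.
"""


class AtmLsr:
    def __init__(self, name, labels, next_hop=None, reuse_downstream=True):
        self.name = name
        self.free = list(labels)         # VPI/VCI values handed out in order
        self.next_hop = next_hop         # downstream LSR; None on the egress edge
        self.reuse_downstream = reuse_downstream
        self.downstream = {}             # prefix -> label already obtained
        self.lfib = []                   # (upstream, local label, action)
        self.requests_sent = 0

    def request(self, prefix, upstream):
        """Answer a label request from `upstream` with a local label."""
        if self.next_hop is None:
            action = "pop"               # cell-mode part of the network ends here
        elif self.reuse_downstream and prefix in self.downstream:
            action = self.downstream[prefix]
        else:
            # Ordered control: no reply until the next hop has answered.
            self.requests_sent += 1
            action = self.next_hop.request(prefix, self.name)
            self.downstream[prefix] = action
        local = self.free.pop(0)         # separate local label per upstream LSR
        self.lfib.append((upstream, local, action))
        return local


def build(reuse_downstream):
    """Router A, then router B, request a label for network X from switch C."""
    e = AtmLsr("E", ["1/37", "1/38"])
    d = AtmLsr("D", ["2/82", "2/83"], e, reuse_downstream)
    c = AtmLsr("C", ["1/56", "1/43"], d, reuse_downstream)
    label_a = c.request("X", "A")
    label_b = c.request("X", "B")
    return label_a, label_b, c, d, e


def vcs_in_use(*nodes):
    """Total LFIB entries, that is, virtual circuits consumed for prefix X."""
    return sum(len(n.lfib) for n in nodes)


if __name__ == "__main__":
    for reuse in (True, False):
        a, b, c, d, e = build(reuse)
        print("reuse downstream label:", reuse)
        for node in (c, d, e):
            print("  LFIB on", node.name, node.lfib)
        print("  VCs in use:", vcs_in_use(c, d, e))
```

With `reuse_downstream=True`, switch C answers router B without sending a second request; with `False`, every upstream request travels to the egress and consumes a label on each hop.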
What Are Cell Interleave Issues? 


This topic identifies the issues that can occur with the interleaving of cells in cell-mode MPLS 
networks. 


Cell Interleave Issues 


LFIB on C 
Label | Action | Next Hop 
1/56 | 2/82 | D 
1/43 | 2/82 | D 


If an ATM LSR reuses a downstream label, cells from several upstream LSRs might become 
interleaved. 


* Solution 1: Allocate a separate downstream label for each 
upstream request. 


* Solution 2: Prevent cell interleave by blocking incoming cells 
until a whole frame is collected. 
The requests from routers A and B for the same network X have resulted in an unusual 
situation. Two virtual circuits from routers A and B (1/56 and 1/43) merge into one VC (2/82). 


Standard ATM virtual switching hardware does not support this situation and, as a result, 
segmented packets from the two sources may become interleaved between the ATM switches C 
and D. 


The receiving router, E, is then unable to correctly reassemble those cells into two packets. 


Here are the two possible solutions to this problem: 


* Allocate a new downstream label for each request. This solution would result in a greater 
number of labels. 


* Buffer the cells of the second packet until all cells of the first packet are forwarded. This 
solution results in an increased delay of packets because of buffering. 
Cell Interleave Issues: Additional Label Allocation 


[Figure: routing tables of A, B, C, D, and E for network X, with the LFIB on C and the LIB and LFIB on E] 


The ATM LSR requests a new label from downstream LSRs for every upstream request. 


The ATM egress router has to allocate a unique label for every ATM ingress router for every 
destination. 


Example: Additional Label Allocation 


This figure illustrates the first option, where an additional LSP tunnel is created for the same 
destination network X for every upstream ATM edge LSR. 


ATM switch C now has two next-hop labels for network X, one for source router A and the 
other for source router B. 
What Is VC Merge? 


This topic describes the characteristics of VC merge. 


LFIB on C 
Label | Action | Next Hop 
1/56 | 2/82 | D 
1/43 | 2/82 | D 


* VC merge is a solution in which incoming cells are 
blocked until the last cell in a frame arrives. 


* All buffered cells are then forwarded to the next-hop 
ATM LSR. 
Example: VC Merge 


The figure illustrates the second option, where the ATM switch C buffers cells coming from 
router B until the last cell of the packet coming from router A is forwarded. 


This option reduces the number of labels (virtual circuits) needed in the ATM network, but 
increases the average delay across the network. 
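
The interleave problem and both solutions, as an added Python model of the data path through switch C (not from the course material). Labels 1/56, 1/43 and 2/82 are from the figures; label 2/83, the packet contents, the 4-byte cell size and all function names are constructed for the example.

```python
"""Cell interleave on a shared downstream VC, and VC merge (constructed model).

A cell is (label, payload, last); `last` marks the final cell of a frame.
CELL is shrunk to 4 bytes for readability; real ATM cells carry 48.
"""

CELL = 4


def segment(label, packet):
    """Cut a packet into cells on the given VC and mark the last one."""
    chunks = [packet[i:i + CELL] for i in range(0, len(packet), CELL)]
    return [(label, c, i == len(chunks) - 1) for i, c in enumerate(chunks)]


def arrive_together(*streams):
    """Cells from several upstream LSRs reaching switch C in round-robin order."""
    merged = []
    for i in range(max(len(s) for s in streams)):
        merged.extend(s[i] for s in streams if i < len(s))
    return merged


def switch_cell_by_cell(cells, lfib):
    """Standard ATM switching: swap the label on each cell as it arrives."""
    return [(lfib[label], payload, last) for label, payload, last in cells]


def switch_vc_merge(cells, lfib):
    """VC merge: hold each incoming VC's cells until its last cell arrives."""
    held, out = {}, []
    for label, payload, last in cells:
        held.setdefault(label, []).append((lfib[label], payload, last))
        if last:
            out.extend(held.pop(label))
    return out


def reassemble(cells):
    """Egress edge LSR: concatenate cells per VC up to the last-cell mark."""
    partial, frames = {}, []
    for label, payload, last in cells:
        partial[label] = partial.get(label, b"") + payload
        if last:
            frames.append(partial.pop(label))
    return frames


PACKET_A = b"AAAAAAAAAA"   # constructed packet from router A
PACKET_B = b"BBBBBBBB"     # constructed packet from router B
ARRIVALS = arrive_together(segment("1/56", PACKET_A), segment("1/43", PACKET_B))

SHARED = {"1/56": "2/82", "1/43": "2/82"}      # downstream label reused
SEPARATE = {"1/56": "2/82", "1/43": "2/83"}    # 2/83 is a constructed value


def run():
    """Frames router E reassembles under each of the three behaviours."""
    return {
        "reused label, no merge": reassemble(switch_cell_by_cell(ARRIVALS, SHARED)),
        "separate labels": reassemble(switch_cell_by_cell(ARRIVALS, SEPARATE)),
        "VC merge": reassemble(switch_vc_merge(ARRIVALS, SHARED)),
    }


if __name__ == "__main__":
    for case, frames in run().items():
        print(f"{case:24} {frames}")
```

Only the first case hands router E frames that match neither original packet; the other two deliver both packets intact, at the cost of an extra label or of buffering on switch C.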
VC Merge: Benefits and Drawbacks of VC Merge 


Benefit of VC merge: 


* The merging ATM LSR can reuse the same 
downstream label for multiple upstream LSRs. 


Drawbacks of VC merge: 


* Buffering requirements increase on the ATM LSR. 

* Jitter and delay across the ATM network increase. 

* The ATM network is effectively transformed into a 
frame-mode MPLS network. 


The major benefit of VC merge is that it minimizes the number of labels (VPI/VCI values) 
needed in the ATM part of the network. As identified in the topic What Are Cell-Mode MPLS 
Network Issues, labels are a scarce resource in cell-mode MPLS networks. 

The major drawbacks to VC merge are as follows: 

* Buffering requirements increase on the ATM LSR. 

* There is an increase in delay and jitter in the ATM network. 

* ATM networks under heavy load become more like frame-based networks. 


2-58 Implementing Cisco MPLS (MPLS) v2.1 Copyright © 2004, Cisco Systems, Inc. 
The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., 
for the sole use by Cisco employees for personal study. The files or printed representations may not be 
used in commercial training, and may not be distributed for purposes other than individual self-study. 


Detecting Loops in Cell-Mode MPLS Networks 


This topic describes how loop detection is managed in cell-mode MPLS networks. 


Loop Detection in Cell-Mode MPLS 


* The VPI/VCI field in the ATM header is used for 
label switching. 


* The ATM header does not contain a TTL field. 


* LDP still primarily relies on IGPs to prevent routing 
loops. 


* There is an additional mechanism built into LDP to 
prevent loops. 


Cell-mode MPLS uses the VPI/VCI fields in the ATM header to encode labels. These two 
fields do not include a TTL field. Therefore, cell-mode MPLS must use other ways of 
preventing routing loops. 


Again, most loops are prevented by the IGP used in the network. However, if there is a loop, 
LDP can identify the LDP requests that were looped. 
LDP Hop-Count TLV 


* LDP uses an additional TLV to count the number of 
hops in an LSP. 


* The TTL field in the IP header or label header is 
decreased by the number of hops by the ingress 
ATM edge LSR before being forwarded through 
an LVC. 


* If the TTL field is 0 or less, the packet is discarded. 


* The maximum number of hops can also be 
specified for LDP. 
LDP uses a hop-count type, length, value (TLV) attribute to count hops in the ATM part of the 
MPLS domain. 


This hop count can be used to provide correct TTL handling on ATM edge LSRs on behalf of 
ATM LSRs that cannot process IP packets. 


A maximum limit in the number of hops can also be set. 
Example: LDP Hop Count 


Prefix | Label | Hops 
10.0.0.0/16 | 1/43 | 3 
10.0.0.0/16 | 1/34 | 2 
10.0.0.0/16 | 1/35 | 1 


LSR A discovers the length of the LSP across the ATM 
domain to LSR D through LDP. 
Example: LDP Hop Count 


The figure illustrates how LDP, in addition to propagating the IP prefix-to-label mapping, 
counts hops across an MPLS-enabled ATM network. 
Traceroute Through ATM LSRs 


TTL is decreased by 3. The new TTL value would be -2. The packet is dropped. 


traceroute 10.1.1.1 
1 10 ms A.acme.com 


* The first traceroute packet that reaches the 
network is dropped on router A. 


* An ICMP time-to-live exceeded message is 
sent to the source from router A. 


Example: Traceroute Through ATM LSRs 


The figures of Traceroute Through ATM LSRs illustrate how traceroute works across an 
IP-aware ATM network that is not capable of using the TTL field and generating ICMP replies. 


This figure illustrates how an edge ATM LSR subtracts the hop-count value instead of simply 
decreasing the TTL value. 


The first packet results in a TTL value of -2 (less than or equal to 0), and the packet is dropped. 
An ICMP reply is sent to the source. 
Traceroute Through ATM LSRs (Cont.) 


TTL is decreased by 3. The new TTL value would be -1. The packet is dropped. 


traceroute 10.1.1.1 
1 10 ms A.acme.com 
2 10 ms A.acme.com 


* The second traceroute packet that reaches the 
network is dropped on router A. 


* An ICMP time-to-live exceeded message is 
sent to the source from router A. 


The second packet is also dropped, and another ICMP reply is sent from router A on behalf of 
ATM switch B, which cannot identify the TTL field and send ICMP replies itself. 


TTL is decreased by 3. The new TTL value would be 0. The packet is dropped. 


traceroute 10.1.1.1 
1 10 ms A.acme.com 
2 10 ms A.acme.com 
3 10 ms A.acme.com 


* The third traceroute packet that reaches the 
network is dropped on router A. 


* An ICMP time-to-live exceeded message is 
sent to the source from router A. 
The third packet is also dropped, and the third ICMP reply is sent from router A on behalf of 
the ATM switch C. 
Traceroute Through ATM LSRs (Cont.) 


TTL is decreased by 3. The new TTL value is 1. The packet is forwarded. 


[Figure: output of traceroute 10.1.1.1 after the fourth probe] 


* The fourth traceroute packet that reaches 
the network is dropped on router D. 


* An ICMP time-to-live exceeded message is 
sent to the source from router D. 
The fourth packet can reach the other edge ATM LSR (a router), which is capable of 
identifying the TTL field and sending ICMP replies. 


The traceroute application receives as many replies as there are hops in the network, even 
though there are two devices in the path that are not capable of identifying the TTL field. 
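
The hop-count and traceroute behaviour from the preceding figures, as an added Python model (not from the course material or Cisco software). The path A-B-C-D and the TTL arithmetic follow the figures; the function names and the hop limit `MAX_HOPS = 8` are constructed for the example.

```python
"""TTL handling on an ATM edge LSR using the LDP hop count (constructed model).

Function names are hypothetical. The path A-B-C-D and the probe behaviour
follow the traceroute figures; MAX_HOPS is a constructed limit.
"""

MAX_HOPS = 8


def learn_hop_counts(path, max_hops=MAX_HOPS):
    """Hop count seen by each LSR as the label mapping travels upstream.

    The egress edge LSR is the last element; every LSR upstream of it adds
    one. A count above max_hops is treated as a looped request.
    """
    counts = {}
    for hops, lsr in enumerate(reversed(path[:-1]), start=1):
        if hops > max_hops:
            raise ValueError(f"hop count {hops} exceeds {max_hops}: loop suspected")
        counts[lsr] = hops
    return counts


def looped(path, max_hops=MAX_HOPS):
    """True when the hop count along `path` exceeds the configured maximum."""
    try:
        learn_hop_counts(path, max_hops)
    except ValueError:
        return True
    return False


def probe(ttl, ingress, egress, lvc_hops):
    """Router that answers a probe arriving at `ingress` with `ttl`.

    Returns None when the probe travels on past `egress`.
    """
    ttl -= lvc_hops                 # ingress subtracts the whole LVC length
    if ttl <= 0:
        return ingress              # ICMP time exceeded sent by the ingress
    ttl -= 1                        # egress edge LSR handles TTL as a router
    if ttl <= 0:
        return egress
    return None


def traceroute(path):
    """List of (probe TTL, replying router) until a probe passes the egress."""
    ingress, egress = path[0], path[-1]
    hops = learn_hop_counts(path)[ingress]
    replies, ttl = [], 1
    while True:
        who = probe(ttl, ingress, egress, hops)
        if who is None:
            return replies
        replies.append((ttl, who))
        ttl += 1


if __name__ == "__main__":
    print(learn_hop_counts(["A", "B", "C", "D"]))
    for ttl, who in traceroute(["A", "B", "C", "D"]):
        print(ttl, who)
    print("looped:", looped(list("ABCBCBCBCBCD")))
```

Router A answers three probes, one for itself and one on behalf of each ATM switch, which is why a trace through the ATM core shows the ingress edge LSR repeated instead of the switches.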
What Is Per-Interface Label Allocation? 


This topic describes the characteristics of per-interface label allocation. 


Per-Interface Label Allocation 


LFIB on C 
Incoming I/F | VPI/VCI | Outgoing I/F | VPI/VCI 
ATM 0/0 | 1/73 | ATM 1/3 | 1/39 
ATM 1/0 | 1/69 | ATM 1/3 | 1/39 


The ATM edge LSR must request a label over every interface. 


* The LFIB on an ATM switch (ATM switching matrix) 
always contains the incoming interface. 


* Labels must be assigned for individual 
interfaces—per-interface label allocation. 


* The same label can be reused (with a different meaning) 
on different interfaces. 


Cell-mode MPLS defaults to using per-interface label space because ATM switches support 
per-interface VPI/VCI values to encode labels. 


Therefore, if a single router has two parallel links to the same ATM switch, two LDP sessions 
are established and two separate labels are requested. 
Per-Interface Label Allocation: Security of Per-Interface Label Allocation 


LFIB on C 
Incoming I/F | VPI/VCI | Outgoing I/F | VPI/VCI 
ATM 0/0 | 1/73 | ATM 1/3 | 1/39 


The packet or cell arriving through the proper interface is forwarded. 


A labeled packet or cell coming through a wrong interface is dropped. 


Per-interface label allocation is secure; labeled 
packets (or ATM cells) are accepted only from the 
interface where the label was actually assigned. 
One benefit of per-interface label space is that it prevents label spoofing. In the figure, for 
example, the bottom router has tried to send a cell with a label that was advertised only to 
router A. The switch has failed to forward the cell because the cell came in through the wrong 
interface. 


The two main forwarding differences between frame-mode and cell-mode MPLS are as 
follows: 


* Frame-mode MPLS forwards packets based solely on labels. 


* Cell-mode MPLS forwards cells based on the incoming interface and the label (VPI/VCI 
field). 
Summary 


This topic summarizes the key points discussed in this lesson. 


Summary 


* In cell-mode MPLS networks, the label is encoded 
as the VPI/VCI field from the ATM header. 


* Each ATM switch acts as an IP router, exchanging 
IP router information. 


* Routing tables are built only after an ordered 
sequence of requests, from the upstream side, 
have been answered from downstream routers. 


* An ATM switch can allocate an incoming label only 
if it already has a corresponding outgoing label. 


* An egress ATM edge LSR allocates a label and 
replies to requests from upstream neighbors. 


Summary (Cont.) 


* LDP uses an additional TLV to count the number of 
hops in an LSP. 


* Because it is possible to have two virtual circuits 
merge into one virtual circuit, the interleaving of 
cells is a potential problem. 


* VC merge solves the cell interleaving issue by 
buffering incoming cells from a new packet until all 
of the cells from the first packet have been 
forwarded. 


* Per-interface label allocation prevents label 
spoofing. 
Lesson 4 


Introducing MPLS Label Allocation, Distribution, and Retention Modes 


Overview 


In this lesson, label distribution parameters are discussed. The differences between label 
distribution parameters are covered, and the default Cisco parameter sets are identified. 


There are different modes of operation for MPLS. It is important to have a clear idea of what 
mode of operation is used under what condition, and if some situations will allow for multiple 
combinations of these modes. 


Objectives 


Upon completing this lesson, you will be able to describe the MPLS label allocation, 
distribution, and retention modes used in Cisco MPLS networks. This ability includes being 
able to meet these objectives: 


* Describe the parameters used in Cisco MPLS label distribution and allocation 

* Describe the features of label space 

* Describe the two ways in which labels are distributed to neighbors 

* Describe the two ways in which labels are allocated to neighbors 

* Describe the two ways in which labels are retained 

* Describe the default parameters of Cisco routers when MPLS is implemented 
What Are Label Distribution Parameters? 


This topic describes the parameters used in MPLS label distribution and allocation. 


Label Distribution Parameters 


MPLS architecture defines several label 
allocation and distribution parameters: 


* Per-interface or per-platform label space 

* Unsolicited downstream or downstream-on-demand 
label distribution 

* Ordered or independent label allocation control 

* Liberal or conservative label retention 


The two label space options are as follows: 


* Per-interface label space, where labels must be unique for a specific input interface 


* Per-platform label space, where labels must be unique for the entire platform (router) 


The two options for label generation and distribution are as follows: 


* Unsolicited downstream distribution of labels is used in frame-mode MPLS, where all 
routers can asynchronously generate local labels and propagate those labels to adjacent 
routers. 


* Downstream-on-demand distribution of labels is used in cell-mode MPLS, where ATM 
LSRs have to request a label for destinations found in the IP routing table. 


Another aspect of label distribution focuses on how labels are allocated, as listed here: 


* Frame-mode MPLS uses independent control mode, where all routers can start propagating 
labels independently of one another. 


* Cell-mode MPLS requires LSRs to already have the next-hop label if the LSRs are to 
generate and propagate their own local labels. This option is called ordered control mode. 


The last aspect of label distribution looks at labels that are received but not used, as listed here: 


* Frame-mode MPLS may result in multiple labels being received but only one being used. 
Unused labels are kept, and this mode is usually referred to as liberal label retention mode. 


* Cell-mode MPLS only keeps labels that it previously requested. This mode is called 
conservative label retention mode. 
What Is Label Space? 


This topic describes the features of label space. 


Label Space: Per-Interface 


LFIB on C 
Incoming Interface | VPI/VCI | Outgoing Interface | VPI/VCI 
ATM 0/0 | 1/73 | ATM 1/3 | 1/39 


* The LFIB on an LSR contains an incoming interface. 

* Labels have to be assigned for individual interfaces. 

* The same label can be reused (with a different meaning) on 
different interfaces. 

* Label allocation is secure; LSRs cannot send packets with 
labels that were not assigned to them. 
The LFIB table used with cell-mode MPLS maps a local label bound to an input interface to a 
next-hop label pointing to the outgoing interface. The label assigned to an input interface can 
be reused on another interface, and it can have a different meaning (assigned to a different 
destination). 


Per-interface label space prevents label spoofing by not allowing cell forwarding for labels 
(VPI/VCI values) that are not bound to the interface where the cell was received. 
Label Space: Per-Platform 


[Figure: LFIB on B (label, action, next hop) for network X] 


* The LFIB on an LSR does not contain an incoming interface. 

* The same label can be used on any interface and is announced 
to all adjacent LSRs. 

* The label is announced to adjacent LSRs only once and can be 
used on any link. 

* Per-platform label space is less secure than per-interface 
label space. 
Per-platform label space is used with frame-mode MPLS, where one label is assigned to a 
destination network and sent to all LDP peers. This label can then be used on any incoming 
interface. The per-platform label space minimizes the number of LDP sessions and allows 
upstream LSP tunnels to span parallel links, because the same label is used on all of those links. 
However, per-platform label space is less secure than per-interface label space, because 
untrusted routers could use labels that were never allocated to them. 
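
The difference between the two label spaces, which this topic and the earlier Security of Per-Interface Label Allocation topic both describe, as an added Python comparison of the two lookup disciplines (not from the course material or Cisco software). The interfaces and VPI/VCI values are read from the LFIB on C figure as 1/73, 1/69 and 1/39; the class and function names are hypothetical.

```python
"""Per-interface versus per-platform label lookup (constructed model).

Class and function names are hypothetical. Interfaces and VPI/VCI values
follow the LFIB on switch C shown in the figures.
"""


class PerInterfaceLfib:
    """Cell-mode lookup: key is (incoming interface, label)."""

    def __init__(self):
        self.table = {}

    def bind(self, in_if, label, out_if, out_label):
        self.table[(in_if, label)] = (out_if, out_label)

    def forward(self, in_if, label):
        return self.table.get((in_if, label))    # None means drop


class PerPlatformLfib:
    """Frame-mode lookup: key is the label alone."""

    def __init__(self):
        self.table = {}

    def bind(self, in_if, label, out_if, out_label):
        self.table[label] = (out_if, out_label)  # in_if is not recorded

    def forward(self, in_if, label):
        return self.table.get(label)             # in_if is not checked


# Label advertised to the neighbor on each interface.
ASSIGNED = {"ATM 0/0": "1/73", "ATM 1/0": "1/69"}


def load(lfib):
    """Install the same bindings into either kind of table."""
    for in_if, label in ASSIGNED.items():
        lfib.bind(in_if, label, "ATM 1/3", "1/39")
    return lfib


def spoofable(lfib):
    """(interface, label) pairs that forward although the label was not
    assigned on that interface."""
    return sorted(
        (in_if, label)
        for in_if in ASSIGNED
        for label in ASSIGNED.values()
        if ASSIGNED[in_if] != label and lfib.forward(in_if, label) is not None
    )


if __name__ == "__main__":
    for lfib in (load(PerInterfaceLfib()), load(PerPlatformLfib())):
        print(type(lfib).__name__)
        print("  proper interface:", lfib.forward("ATM 0/0", "1/73"))
        print("  wrong interface: ", lfib.forward("ATM 1/0", "1/73"))
        print("  spoofable pairs: ", spoofable(lfib))
```

Running `spoofable` against a table built from a device's real bindings is a quick audit of which neighbors could inject traffic on labels that were advertised to someone else.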
Distributing Labels 


This topic describes the two ways in which labels are distributed to neighbors. 


Label Distribution: Unsolicited Downstream 


[Figure: LIB on B for network X] 


The label for a prefix is allocated and advertised to all 
neighbor LSRs, regardless of whether the neighbors 
are upstream or downstream LSRs for the destination. 
Unsolicited downstream distribution of labels is a method where each router independently 
assigns a label to each destination IP prefix in its routing table. This mapping is stored in the 
LIB table, which sends it to all LDP peers. There is no control mechanism to govern the 
propagation of labels in an ordered fashion. 


Example: Unsolicited Downstream 


The figure illustrates how router B creates a local label (25) and sends that label to all its 
neighbors. The same action is taken on other routers after the IGP has put network X into the 
main routing table. 


Each neighbor then decides upon one of the following options regarding the label:

* Use the label (if router B is the closest next hop for network X)
* Keep the label in the LIB table
* Ignore the label

Label Distribution: Downstream-on-Demand

[Figure: routing tables of A, C, D, and E for network X]

* An LSR will assign a label to a prefix only when
  asked for a label by an upstream LSR.

* Label distribution is a hop-by-hop parameter; different
  label distribution mechanisms can coexist in an MPLS network.

Downstream-on-demand distribution of labels requires each LSR to specifically request a label
from its downstream neighbor. The figure shows how router A requests a next-hop label from 
its downstream LDP peer. 


Unsolicited downstream and downstream-on-demand label distribution can be combined 
because labels are assigned and propagated hop by hop. The usual situation is that frame-mode 
MPLS uses unsolicited downstream label propagation, and cell-mode MPLS uses downstream- 
on-demand label propagation. 

Allocating Labels


This topic describes the two ways in which labels are allocated to neighbors. 


Label Allocation: Independent Control

* An LSR can always assign a label for a prefix, even if
  it has no downstream label.

* Independent control can be used only for LSRs with
  Layer 3 capabilities.


Independent control mode is usually combined with unsolicited downstream propagation of 
labels, where labels can be created and propagated independently of any other LSR. When 
independent control mode is used, an LSR might be faced with an incoming labeled packet 
where there is no corresponding outgoing label in the LFIB table. An LSR using independent 
control mode must therefore be able to perform full Layer 3 lookups. Independent control mode 
can be used only on LSRs with edge LSR functionality. 

Label Allocation: Ordered Control

* An LSR can assign a label only if it has already
  received a label from the next-hop LSR; otherwise,
  the LSR must request a label from the next-hop LSR.

Ordered control mode is usually combined with downstream-on-demand propagation of labels,
where a local label can be assigned and propagated only if a next-hop label is available. This 
requirement results in an ordered sequence of downstream requests until an LSR is found that 
already has a next-hop label or an LSR is reached that uses independent control mode. 


Although ordered control mode could be used with frame-mode MPLS, its use is mandatory on 
ATM switches, which cannot perform Layer 3 lookups. 


Example: Ordered Control 


The figure illustrates how both ATM LSRs forward requests until an edge is reached. The edge 
LSR uses independent control mode and can respond to the request. 

Retaining Labels


This topic describes the two ways in which labels are retained. 


Label Retention: Liberal Retention Mode

[Figure: LIB tables on A, C, and E (columns: Network, LSR, Label) for network X; the LIB on E lists network X, LSR B, label 25]

* Each LSR stores the received label in its LIB, even
  when the label is not received from a next-hop LSR.

* Liberal label retention mode improves convergence
  speed.

Liberal label retention mode dictates that each LSR keeps all labels received from LDP peers,
even if they are not the downstream peers for network X.


Example: Liberal Retention Mode


The figure shows how router C receives and keeps the label received from router B for network
X, even though router D is the downstream peer.

Label Retention: Conservative Retention Mode

[Figure: network X]

* An LSR stores only the labels received from next-hop
  LSRs; all other labels are ignored.

* Downstream-on-demand distribution is required
  during the convergence phase.

Conservative label retention mode keeps only labels that can immediately be used for normally
routed traffic paths. Conservative label retention, downstream-on-demand, and ordered control 
mode help conserve label resources that affect usage of limited ATM virtual circuits. 


Example: Conservative Retention Mode 


The figure illustrates how ATM switch C does not consider switch B to be the next hop for 
network X and, therefore, drops the labels received from router B. 


Note Conservative label retention mode requires downstream-on-demand label allocation after 
network convergence. 
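
The trade-off between the two retention modes shows up when the next hop changes. The following Python model is an added example, not part of the original course material; label 47 from router D and the method names are constructed for illustration, while label 25 from router B follows the figures.

```python
class Lsr:
    """Minimal model of one LSR's LIB under a given label retention mode."""

    def __init__(self, name, retention, next_hops):
        if retention not in ("liberal", "conservative"):
            raise ValueError("retention must be 'liberal' or 'conservative'")
        self.name = name
        self.retention = retention
        self.next_hops = dict(next_hops)   # prefix -> next-hop LSR chosen by the IGP
        self.lib = {}                      # prefix -> {advertising LSR: label}

    def receive_mapping(self, peer, prefix, label):
        """Handle a label mapping; return True if it was stored in the LIB."""
        if self.retention == "conservative" and self.next_hops.get(prefix) != peer:
            return False                   # not from the next hop: ignored
        self.lib.setdefault(prefix, {})[peer] = label
        return True

    def outgoing_label(self, prefix):
        """Label to use toward the current next hop, or None if none is stored."""
        return self.lib.get(prefix, {}).get(self.next_hops.get(prefix))

    def igp_reroute(self, prefix, new_next_hop):
        """The IGP selected a new next hop. Return (label, request_needed)."""
        old = self.next_hops.get(prefix)
        self.next_hops[prefix] = new_next_hop
        if self.retention == "conservative":
            # Only next-hop labels are kept, so the old binding is released.
            self.lib.get(prefix, {}).pop(old, None)
        label = self.outgoing_label(prefix)
        return label, label is None

    def lib_size(self):
        return sum(len(bindings) for bindings in self.lib.values())


def converge_after_failure(retention):
    """Router C learns labels for X from B and D, then loses its next hop D."""
    c = Lsr("C", retention, {"X": "D"})
    stored = [c.receive_mapping("B", "X", 25),    # B is not the next hop
              c.receive_mapping("D", "X", 47)]    # D is the next hop (constructed label)
    size_before = c.lib_size()
    label, request_needed = c.igp_reroute("X", "B")
    return {"stored": stored, "lib_size": size_before,
            "label": label, "request_needed": request_needed}


if __name__ == "__main__":
    for mode in ("liberal", "conservative"):
        print(mode, converge_after_failure(mode))
```

With liberal retention the label from B is already in the LIB when the IGP reroutes; with conservative retention the LIB is smaller, but a downstream-on-demand request is needed before forwarding can resume.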

What Are Standard Parameter Sets in MPLS
Implementation? 


This topic describes the default parameters of Cisco routers when MPLS is implemented. 


Standard Parameter Sets in Cisco IOS
Platform MPLS Implementation


Routers with frame interfaces: 


* Per-platform label space, unsolicited downstream 
distribution, liberal label retention, independent control 


Routers with ATM interfaces: 


* Per-interface label space, downstream-on-demand 
distribution, conservative or liberal label retention, 
independent control 


ATM switches: 


* Per-interface label space, downstream-on-demand 
distribution, conservative label retention, ordered 
control 


The following default operation applies to routers using frame-mode MPLS (LSRs): 


* Per-platform label space: Platform-wide incoming labels are used for interfaces.
  Interfaces can share the same labels.

* Unsolicited downstream propagation of labels: Every LSR can propagate a label
  mapping to its neighbors without a request.

* Liberal label retention mode: This mode allows for easy failover if a link fails.

* Independent control mode: This mode makes label propagation faster (less time needed
  for LDP convergence), because LSRs do not have to wait to get the next-hop label from
  their downstream neighbors.

The following default operation applies to ATM switching using cell-mode MPLS (ATM
LSRs):

* Per-interface label space: Per-interface label space provides better security and is already
  available with standard ATM switching functionality.

* Downstream-on-demand propagation of labels: LFIB tables on ATM switches are really
  ATM switching matrices that require full information before switching can start; full
  information includes the next-hop label, which must be requested.

* Conservative label retention mode: This mode is implicitly achieved by using the
  downstream-on-demand propagation of labels; no label is received unless it is requested.

* Ordered control mode: This mode is used in combination with downstream-on-demand
  propagation of labels to ensure that every ATM LSR has all of the information needed to
  create an entry in the LFIB table (ATM switching matrix), including the next-hop label.


The default operation of routers using cell-mode MPLS (ATM edge LSRs) is similar to that of 
ATM switches. The exception is that routers use independent control mode because they are the 
endpoints of the virtual circuits. 

Summary


This topic summarizes the key points discussed in this lesson. 


Summary 


There are four MPLS label distribution parameters: label 
space, label distribution, label allocation, and label 
retention. 


Labels are generated on either a per-interface or 
per-platform basis. 


There are two methods in which labels are distributed to 
neighbors: unsolicited downstream distribution and 
downstream-on-demand distribution. 


There are two methods in which labels are allocated to 
neighbors: independent control and ordered control. 


There are two methods in which labels are retained: liberal 
retention mode and conservative retention mode. 


There are default parameters of Cisco routers using both 
frame-mode and cell-mode MPLS. 

Lesson 5


Discovering LDP Neighbors 


Overview 


This lesson takes a more detailed look at the LDP neighbor discovery process via hello 
messages and the type of information that is exchanged. The lesson also describes the events 
that occur during the negotiation phase of LDP session establishment and concludes with the 
nonadjacent neighbor discovery process. 


This lesson provides an understanding of how an LDP neighbor is discovered and what type of 
information is sent back and forth between two neighbors. The lesson also discusses situations 
in which the neighbor is not directly connected to a peer. This information will provide a 
further understanding of the MPLS technology. 


Objectives 


Upon completing this lesson, you will be able to describe how LDP neighbors are discovered. 
This ability includes being able to meet these objectives: 


* Describe how LDP sessions are established between neighbors
* Describe the contents of an LDP hello message
* Describe negotiating label space as it applies to LDP session establishment
* Describe how LDP neighbors are discovered
* Describe the process of LDP session negotiation between LDP neighbors
* Describe how LDP sessions are established between ATM LSRs
* Describe how LDP discovers nonadjacent neighbors

Establishing an LDP Session


This topic describes how LDP sessions are established between neighbors. 


LDP Session Establishment

* LDP establishes a session by performing the following:

  - Hello messages are periodically sent on all
    interfaces that are enabled for MPLS.

  - MPLS-enabled routers respond to received hello
    messages by attempting to establish a session with
    the source of the hello messages.

* UDP is used for hello messages. It is targeted at the “all
  routers on this subnet” multicast address (224.0.0.2).

* TCP is used to establish the session.

* Both TCP and UDP use well-known LDP port number
  646 (711 for TDP).


LDP is a standard protocol used to exchange labels between adjacent routers. TDP is a Cisco 
proprietary protocol that has the same functionality as LDP. 


Although the remainder of this lesson will focus on LDP, it should be noted that TDP, as the 
predecessor of LDP, works in a similar fashion. 


LDP periodically sends hello messages. The hello messages use UDP packets with a multicast 
destination address of 224.0.0.2 (“all routers on a subnet”) and destination port number of 646 
(711 for TDP). 


If another router is enabled for LDP (or TDP), it will respond by opening a TCP session with 
the same destination port number (646 or 711). 

What Are LDP Hello Messages?


This topic describes the contents of an LDP hello message. 


LDP Hello Message

Part               Field                            Description
IP header          Source address = 1.0.0.1
                   Destination address = 224.0.0.2  Well-known multicast IP address identifying all
                                                    routers on the subnet
UDP header         Source port = 1050
                   Destination port = 646           Well-known port number used for LDP
LDP hello message  Transport address = 1.0.0.1      Optional TLV used to identify the source IP
                                                    address for the LDP session
                   LDP ID = 1.0.0.1:0               6-byte TLV identifying the router and label space

* Hello messages are targeted at all routers reachable through
  an interface.

* LDP uses well-known (UDP and TCP) port number 646.

* The source address used for an LDP session can be set by
  adding the transport address TLV to the hello message.

* A 6-byte LDP identifier (TLV) identifies the router
  (first four bytes) and label space (last two bytes).


The contents of a hello message are as follows:

* Destination IP address (224.0.0.2), which targets all routers on the subnetwork

* Destination port, which equals the LDP well-known port number 646

* The actual hello message, which may optionally contain a transport address TLV to instruct
  the peer to open the TCP session to the transport address instead of the source address
  found in the IP header


The LDP identifier is used to uniquely identify the neighbor and the label space; multiple 
sessions can be established between a pair of LSRs if they use multiple label spaces. 

Negotiating Label Space


This topic describes negotiating label space as it applies to LDP session establishment. 


Label Space

* LSRs establish one LDP session per label space.

  - Per-platform label space requires only one LDP
    session, even if there are multiple parallel links
    between a pair of LSRs.

* Per-platform label space is announced by setting
  the label space ID to 0, for example:

  - LDP ID = 1.0.0.1:0

* A combination of frame-mode and cell-mode
  MPLS, or multiple cell-mode links, results in
  multiple LDP sessions.


If a pair of routers is connected over two or more parallel links and uses frame-mode MPLS, the
routers try to establish multiple sessions by using the same LDP identifier. Because the routers
are using per-platform label space, this action will result in only one session remaining; the
other session will be broken.


Per-platform label space is identified by setting the label space ID to 0 in the LDP identifier 
field. 


If the two routers use different LDP identifiers (for example, if one link uses frame-mode 
MPLS and the other uses cell-mode MPLS), they will keep both sessions. 

Label Space: Negotiation

* One LDP session is established for each announced LDP identifier
  (router ID + label space).

* The number of LDP sessions is determined by the number of different
  label spaces.

* The bottom right example is not common, because ATM LSRs do not
  use Ethernet for packet forwarding, and frame-mode MPLS across
  ATM uses per-platform label space.


Example: Label Space Negotiation


The figure illustrates four different combinations with two parallel links between a pair of 
routers. The top routers are frame-mode routers. 


A general rule can be extracted from the four examples: An LDP session is established per 
interface except for all frame-mode interfaces, where only one LDP session between a pair of 
LSRs is used because frame-mode MPLS uses per-platform label space. 


Note The bottom right example is not common, because ATM LSRs do not use Ethernet for 
packet forwarding, and frame-mode MPLS across ATM uses per-platform label space. 

Discovering LDP Neighbors


This topic describes how LDP neighbors are discovered. 


LDP Neighbor Discovery

[Figure: UDP hello (1.0.0.4:1035 → 224.0.0.2:646)]

* An LDP session is established from the router with the
  higher IP address.


Example: LDP Neighbor Discovery 


In the figure, three out of four routers periodically send out LDP hello messages (the fourth 
router is not MPLS-enabled). 


Routers that have the higher IP addresses must initiate the TCP session. 


Note The highest IP address of all loopback interfaces is used. If no loopback interfaces are 
configured on the router, the highest IP address of a configured interface that was 
operational at LDP startup is used. 


After the TCP session is established, routers will keep sending LDP hello messages to 
potentially discover new peers or to identify failures. 
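
The hello contents, the one-session-per-LDP-identifier rule and the higher-address rule described in the preceding topics can be checked against a decoded hello. The following Python parser is an added example, not part of the original course material; the field layout follows the LDP specification listed in the module references, and the function names, the 15-second hold time and label space 1 for the cell-mode link are assumptions made for illustration.

```python
import ipaddress
import struct

HELLO_MSG_TYPE = 0x0100        # LDP Hello message
TLV_COMMON_HELLO = 0x0400      # hold time plus T (targeted) and R bits
TLV_IPV4_TRANSPORT = 0x0401    # optional IPv4 transport address


def build_hello(lsr_id, label_space, hold_time=15, transport=None, targeted=False):
    """Encode a hello PDU; used here only to construct sample input."""
    flags = 0x8000 if targeted else 0
    tlvs = struct.pack("!HHHH", TLV_COMMON_HELLO, 4, hold_time, flags)
    if transport is not None:
        tlvs += struct.pack("!HH", TLV_IPV4_TRANSPORT, 4)
        tlvs += ipaddress.IPv4Address(transport).packed
    message = struct.pack("!HHI", HELLO_MSG_TYPE, 4 + len(tlvs), 1) + tlvs
    ldp_id = ipaddress.IPv4Address(lsr_id).packed + struct.pack("!H", label_space)
    return struct.pack("!HH", 1, len(ldp_id) + len(message)) + ldp_id + message


def parse_hello(payload):
    """Decode the UDP payload of a hello; raise ValueError if it is malformed."""
    if len(payload) < 18:
        raise ValueError("shorter than PDU header plus message header")
    version, pdu_len = struct.unpack_from("!HH", payload, 0)
    if version != 1 or pdu_len != len(payload) - 4:
        raise ValueError("bad version or PDU length")
    router_id = ipaddress.IPv4Address(bytes(payload[4:8]))   # first four bytes
    (label_space,) = struct.unpack_from("!H", payload, 8)    # last two bytes
    msg_type, msg_len, _msg_id = struct.unpack_from("!HHI", payload, 10)
    end = 14 + msg_len
    if msg_type & 0x7FFF != HELLO_MSG_TYPE or msg_len < 4 or end > len(payload):
        raise ValueError("not a well-formed hello message")
    hello = {"ldp_id": f"{router_id}:{label_space}", "router_id": router_id,
             "label_space": label_space, "per_platform": label_space == 0,
             "hold_time": None, "targeted": False, "transport_address": None}
    offset = 18
    while offset < end:
        if offset + 4 > end:
            raise ValueError("truncated TLV header")
        tlv_type, tlv_len = struct.unpack_from("!HH", payload, offset)
        if offset + 4 + tlv_len > end:
            raise ValueError("TLV runs past the message")
        value = bytes(payload[offset + 4:offset + 4 + tlv_len])
        kind = tlv_type & 0x3FFF                  # drop the U and F bits
        if kind == TLV_COMMON_HELLO and tlv_len == 4:
            hold, flags = struct.unpack("!HH", value)
            hello["hold_time"], hello["targeted"] = hold, bool(flags & 0x8000)
        elif kind == TLV_IPV4_TRANSPORT and tlv_len == 4:
            hello["transport_address"] = ipaddress.IPv4Address(value)
        offset += 4 + tlv_len
    if hello["hold_time"] is None:
        raise ValueError("mandatory Common Hello Parameters TLV missing")
    return hello


def is_valid_hello(payload):
    try:
        parse_hello(payload)
        return True
    except ValueError:
        return False


def tcp_peer_address(hello, ip_source):
    """Address the TCP session is opened to: the transport address TLV, if present."""
    if hello["transport_address"] is not None:
        return hello["transport_address"]
    return ipaddress.IPv4Address(ip_source)


def local_initiates(local_address, peer_address):
    """The router with the higher address opens the TCP connection."""
    return ipaddress.IPv4Address(local_address) > ipaddress.IPv4Address(peer_address)


def sessions_required(hellos):
    """One LDP session per distinct LDP identifier announced by the peer."""
    return len({h["ldp_id"] for h in hellos})


# Constructed sample: the hello from the figure (LDP ID 1.0.0.1:0, transport 1.0.0.1).
SAMPLE_HELLO = build_hello("1.0.0.1", 0, transport="1.0.0.1")
# Constructed: two parallel frame-mode links announce the same identifier.
PARALLEL_FRAME = [parse_hello(build_hello("1.0.0.1", 0)) for _ in range(2)]
# Constructed: one frame-mode link plus one cell-mode link (label space 1 assumed).
MIXED = PARALLEL_FRAME[:1] + [parse_hello(build_hello("1.0.0.1", 1))]

if __name__ == "__main__":
    h = parse_hello(SAMPLE_HELLO)
    print(h["ldp_id"], tcp_peer_address(h, "1.0.0.1"), local_initiates("1.0.0.4", "1.0.0.1"))
```

Because the parser rejects any datagram whose PDU, message or TLV lengths disagree with its size, it can also serve as a sanity check on captured hello traffic.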

Negotiating LDP Sessions


This topic describes the process of LDP neighbor session negotiation between LDP neighbors. 


LDP Session Negotiation

[Figure: session negotiation sequence: Establish TCP Session; Initialization Message, Initialization Message; Keepalive, Keepalive]

* Peers first exchange initialization messages.

* The session is ready to exchange label mappings
  after receiving the first keepalive.

LDP session negotiation is a three-step process, as follows:

Step 1 Establish the TCP session.
Step 2 Exchange initialization messages.
Step 3 Exchange initial keepalive messages.


After these steps have occurred, the two peers will start exchanging labels for networks that 
they have in their main routing tables. 

Establishing LDP Sessions Between ATM LSRs


This topic describes how LDP sessions are established between ATM LSRs. 


LDP Sessions Between ATM LSRs

* An IP adjacency between ATM LSRs is established
  through the control virtual circuit (0/32).

* The control virtual circuit is used for LDP and for IP
  routing protocols.

* VSI protocol is used to populate the ATM switching
  matrix (LFIB) in the data plane of some ATM switches
  (Cisco implementation).


Example: LDP Sessions Between ATM LSRs 


The figure illustrates the operation of LDP in ATM networks. ATM LSRs establish the IP 
adjacency across the MPLS control virtual circuit, which by default has a VPI/VCI value of 
0/32. 


An IP routing protocol and LDP (or TDP) use this control virtual circuit to exchange IP routing 
information and labels. 


Some Cisco devices use the Virtual Switch Interface (VSI) protocol to create entries in the 
LFIB table (ATM switching matrix of the data plane) based on the information in the LIB table 
(control plane). This protocol is used to dynamically create virtual circuits for each IP network. 

Discovering Nonadjacent Neighbors


This topic describes how LDP discovers nonadjacent neighbors. 


LDP Discovery of Nonadjacent Neighbors

* LDP neighbor discovery of nonadjacent neighbors
  differs from normal discovery only in the
  addressing of hello packets:

  - Hello packets use unicast IP addresses instead
    of multicast addresses.

* When a neighbor is discovered, the mechanism to
  establish a session is the same.

LDP can also be used between nonadjacent routers. However, LDP hello messages use unicast
IP addresses instead of multicast. The rest of the session negotiation is the same as for adjacent 
routers. 

Summary


This topic summarizes the key points discussed in this lesson. 


Summary 


UDP multicast is used to discover LDP neighbors, while TCP 
is used to establish a session. 


LDP hello messages contain an identifier field that uniquely 
identifies the neighbor and the label space. 


Per-platform label space requires only one LDP session. 


An LDP session is initiated in TCP from the higher IP address 
router. 


LDP session negotiation is a three-step process: establishing 
the TCP session, exchanging initialization messages, and 
exchanging initial keepalive messages. 

LDP sessions between ATM LSRs use the control VPI/VCI, 
which by default is 0/32. 


Nonadjacent neighbor discovery is accomplished by using 
unicast IP addresses instead of multicast. 

Module Summary


This topic summarizes the key points discussed in this module. 


Module Summary 


Information is distributed and allocated into specific tables 
so that labeled and unlabeled packets are used effectively. 


Frame-mode MPLS depends on liberal label mode and IGP
for convergence. Frame-mode loop detection also depends
on IGP along with label and IP header TTL.


Cell-mode MPLS conserves VPI/VCI label resources through
downstream-on-demand distribution with conservative label
retention. Cell-mode loop detection also depends on IGP
along with LDP hop-count TLV.


Frame-mode and cell-mode MPLS differ in methods of label 
address space, distribution, allocation, and retention. 


LDP uses multicast UDP for neighbor discovery and TCP for 
session establishment. 


In an MPLS network, labels are assigned and distributed, involving neighbor discovery and 
session establishment. Label information is populated in LIB, FIB, and LFIB tables. 


References 
For additional information, refer to these resources: 
* RFC 3031, Multiprotocol Label Switching Architecture
* RFC 3036, LDP Specification

Module Self-Check


Use the questions here to review what you learned in this module. The correct answers and 
solutions are found in the Module Self-Check Answer Key. 


Q1) Which of the following statements best describes PHP? (Source: Introducing Typical
Label Distribution in Frame-Mode MPLS)
A) PHP works only for TDP and not for LDP.
B) PHP works only for LDP and not for TDP.
C) PHP optimizes MPLS performance.
D) PHP is configurable and by default is disabled.

Q2) Which of the following descriptions applies to per-platform label allocation? (Source:
Introducing Typical Label Distribution in Frame-Mode MPLS)
A) default operation for frame-mode MPLS
B) an approach that results in larger LIB and LFIB tables
C) an approach that results in slower label exchange
D) a future enhancement for MPLS

Q3) Which three of the following are contained in the LFIB? (Choose three.) (Source:
Introducing Typical Label Distribution in Frame-Mode MPLS)
A) local generated label
B) outgoing label
C) incoming label
D) next-hop address

Q4) When an IP packet is to be label-switched as it traverses an MPLS network, which
table is used to perform the label switching? (Source: Introducing Typical Label
Distribution in Frame-Mode MPLS)
A) LIB
B) FIB
C) FLIB
D) LFIB

Q5) Which statement is correct? (Source: Introducing Typical Label Distribution in
Frame-Mode MPLS)
A) An IP forwarding table resides on the data plane; LDP (or TDP) runs on the
control plane; and an IP routing table resides on the data plane.
B) An IP forwarding table resides on the data plane; LDP (or TDP) runs on the
control plane; and an IP routing table resides on the control plane.
C) An IP forwarding table resides on the control plane; LDP (or TDP) runs on the
control plane; and an IP routing table resides on the data plane.
D) An IP forwarding table resides on the control plane; LDP (or TDP) runs on the
control plane; and an IP routing table resides on the control plane.

Q6) Which two tables contain label information? (Choose two.) (Source: Introducing
Typical Label Distribution in Frame-Mode MPLS)
A) LIB
B) main IP routing label
C) FLIB
D) LFIB

Q7) Which of the following generates a label update? (Source: Introducing Typical Label
Distribution in Frame-Mode MPLS)


A) UDP
B) OSPF
C) EIGRP
D) LDP


Q8) Which two statements are correct? (Choose two.) (Source: Introducing Typical Label 
Distribution in Frame-Mode MPLS) 
A) LSPs are bidirectional. 
B) LSPs are unidirectional. 
C) LDP advertises labels for the entire LSP. 
D) LDP advertises labels only for individual segments in the LSP. 


Q9) Which statement is correct regarding TTL propagation being disabled? (Source: 
Introducing Typical Label Distribution in Frame-Mode MPLS) 
A) The label TTL is copied back into the IP TTL. 
B) The IP TTL is copied back into the TTL of the label. 


C) The IP TTL is not copied back into the TTL of the label. 
D) None of the above is correct. 


Q10) Which of the following enables routers in a frame-mode MPLS network to store all 
received labels, even if they are not being used? (Source: Introducing Convergence in 
Frame-Mode MPLS) 


A) keep-all-labels mode
B) liberal label max-all mode
C) liberal label retention mode
D) A router in a frame-mode network does not keep all labels; the router keeps
only the labels that it will use.


Q11) Which table is NOT used to determine if MPLS is fully functional? (Source: 
Introducing Convergence in Frame-Mode MPLS) 


A) LIB
B) LFIB
C) FIB
D) FLIB


Q12) Upon a link failure, which three tables are updated to reflect the failed link? (Choose 
three.) (Source: Introducing Convergence in Frame-Mode MPLS) 


A) LIB
B) LFIB
C) FIB
D) FLIB


Q13) Which statement best describes how a link failure is handled in an MPLS network? 
(Source: Introducing Convergence in Frame-Mode MPLS) 


A) Overall convergence depends on LDP. 

B) Overall convergence depends on the IGP that is used. 

C) Upon a link failure, only LDP convergence is affected. 
D) Upon a link failure, only the IGP convergence is affected. 

Q14) Upon a link recovery, which three tables are updated to reflect the failed link? (Choose
three.) (Source: Introducing Convergence in Frame-Mode MPLS)

A) LFIB
B) FLIB
C) FIB
D) LIB

Q15) Which of the following statements best describes convergence in a frame-mode MPLS 
network after a link failure has occurred and been restored? (Source: Introducing 
Convergence in Frame-Mode MPLS) 

A) MPLS convergence occurs after IGP convergence. 

B) MPLS convergence occurs before IGP convergence peer to peer. 

C) If a failure occurs with the IGP, MPLS convergence is not affected. 

D) If a failure occurs with the IGP, MPLS will not be able to converge after the 
IGP failure has been corrected unless the MPLS process is bounced. 

Q16) What are two possible solutions to the interleaving of cells in cell-mode MPLS? 
(Choose two.) (Source: Introducing Typical Label Distribution Over LC-ATM 
Interfaces and VC Merge) 

A) Allocate a downstream label for each request. 

B) There is no possibility of cells being interleaved if the correct configuration is 
performed on ATM switches. 

C) Buffer the cells of the second packet. 

D) There are no issues with the interleaving of cells. 

Q17) In cell-mode MPLS networks, where are labels inserted? (Source: Introducing Typical
Label Distribution Over LC-ATM Interfaces and VC Merge) 

A) Labels are inserted between the Layer 2 header and Layer 3 header. 
B) Labels are inserted in the VPI/VCI field of the ATM header. 

C) Labels are not used in cell-mode MPLS networks. 

D) Labels are inserted in the Layer 3 header only. 

Q18) With regard to VC merge, which statement is NOT true? (Source: Introducing Typical 
Label Distribution Over LC-ATM Interfaces and VC Merge) 

A) Using VC merge, ATM LSRs can reuse the same downstream label for 
multiple upstream LSRs. 

B) ATM networks are effectively transformed into a frame-mode MPLS network. 

C) Jitter and delay across the ATM network decrease. 

D) Buffering requirements increase on the ATM LSR. 

Q19) Which statement pertains to the IP routing table? (Source: Introducing Typical Label
Distribution Over LC-ATM Interfaces and VC Merge)
A) The IP routing table is NOT built on ATM LSRs. 
B) The IP routing table is built on the data plane of each ATM switch. 
C) The IP routing table is built on the control plane of each ATM switch. 
D) The IP routing table is built on the forwarding plane of each ATM switch. 

Q20) Which statement pertains to the IP forwarding table? (Source: Introducing Typical
Label Distribution Over LC-ATM Interfaces and VC Merge)
A) The IP forwarding table is built as in a frame-mode MPLS network.
B) The IP forwarding table is built only after the label requests have been
answered (with labels) from upstream LSRs.
C) The IP forwarding table is built only after the label requests have been
answered (with labels) from downstream LSRs.
D) There is no need for the IP forwarding table in cell-mode MPLS. Everything is
done with the IP routing table.

Q21) Which statement is NOT true? (Source: Introducing Typical Label Distribution Over
LC-ATM Interfaces and VC Merge)
A) Frame-mode MPLS forwards labels based solely on the labels.
B) Cell-mode MPLS forwards labels based on the incoming interface and
VPI/VCI field (label).
C) If a router has two parallel links to the same ATM switch, one LDP session
will be established, and one label will be requested.
D) Per-interface label allocation prevents label spoofing.

Q22) An ATM switch will respond to a request for a label in which situation? (Source:
Introducing Typical Label Distribution Over LC-ATM Interfaces and VC Merge)
A) The ATM switch will respond when it knows the next-hop label.
B) The ATM switch will always reply to downstream label requests.
C) The ATM switch will always reply to upstream label requests.
D) ATM switches do not use MPLS labels.

Q23) Which of the following describes a task that ATM switches perform? (Source:
Introducing Typical Label Distribution Over LC-ATM Interfaces and VC Merge)
A) upstream-on-demand label allocation
B) downstream-on-demand label allocation
C) unsolicited label allocation
D) Labels are not used in cell-mode MPLS networks.

Q24) Which of the following is used in cell-mode loop detection? (Source: Introducing
Typical Label Distribution Over LC-ATM Interfaces and VC Merge)
A) the TTL field of the IP packet
B) the TTL field in the MPLS label
C) a TLV that counts the number of hops
D) a TLV that counts the number of packets

Q25) Which table holds all labels assigned by an LSR and their mapping to labels that have
been received from the neighbors of the LSR? (Source: Introducing Typical Label
Distribution Over LC-ATM Interfaces and VC Merge)
A) FIB
B) LIB
C) FLIB
D) LFIB

Q26) What does the term “pop” mean when you are describing penultimate hop popping?
(Source: Introducing Typical Label Distribution Over LC-ATM Interfaces and VC 
Merge) 
A) swap the top label with a new label contained in the LIB 
B) swap the top label with a new label contained in the LFIB 
C) remove the top label instead of swapping it with the next-hop label 
D) remove the bottom label instead of swapping it with the next-hop label 
Q27) A solution for cell interleaving that could occur in ATM MPLS networks is which of 
the following? (Source: Introducing Typical Label Distribution Over LC-ATM 
Interfaces and VC Merge) 
A) PHS 
B) VC merge 
C) PC merge 
D) PSS 
Q28) Which statement is NOT a label distribution parameter? (Source: Introducing MPLS 
Label Allocation, Distribution, and Retention Modes) 
A) label space 
B) label quality 
C) label retention 
D) label allocation and distribution 
Q29) Cell-mode MPLS uses ________ label space, and frame-mode uses ________ label space.
(Source: Introducing MPLS Label Allocation, Distribution, and Retention Modes) 
Q30) Which two types of label distribution are used in Cisco MPLS networks? (Choose 
two.) (Source: Introducing MPLS Label Allocation, Distribution, and Retention 
Modes) 
A) downstream-on-demand 
B) unsolicited downstream 
C) solicited downstream-on-demand 
D) unsolicited downstream-on-demand 
Q31) The modes of label allocation are ________ control and ________ control. (Source:
Introducing MPLS Label Allocation, Distribution, and Retention Modes) 
Q32) What are the two label retention modes used in Cisco MPLS networks? (Choose two.) 
(Source: Introducing MPLS Label Allocation, Distribution, and Retention Modes) 
A) total 
B) light 
C) liberal 
D) conservative 
Q33) Which statement is correct? (Source: Introducing MPLS Label Allocation, Distribution, 
and Retention Modes) 
A) By default, ATM switches use independent control. 
B) By default, ATM switches use per-platform label space. 
C) By default, routers with ATM interfaces use per-platform label space. 
D) By default, routers with frame interfaces use per-platform label space. 
Q34) Which two statements are correct? (Choose two.) (Source: Introducing MPLS Label 
Allocation, Distribution, and Retention Modes) 
A) By default, cell-mode MPLS uses unsolicited downstream label distribution. 
B) By default, cell-mode MPLS uses downstream-on-demand label distribution. 
C) By default, frame-mode MPLS uses unsolicited downstream label distribution. 
D) By default, frame-mode MPLS uses downstream-on-demand label distribution. 
Q35) Which multicast address does LDP use to send hello messages? (Source: Discovering 
LDP Neighbors) 
A) 224.0.0.1 
B) 224.0.0.2 
C) 224.0.0.12 
D) 224.0.20.0 
Q36) Per-platform label space requires which of the following? (Source: Discovering LDP 
Neighbors) 
A) only one LDP session 
B) one session per interface 
C) multiple sessions for parallel links 
D) “Per-platform” is not a proper term in MPLS terminology. 
Q37) What is the purpose of the LDP identifier in a hello message? (Source: Discovering 
LDP Neighbors) 
A) contains the source address 
B) contains the multicast address 
C) contains the TCP destination port 
D) uniquely identifies the neighbor and the label space 
Q38) LDP sessions are initiated by using the IP address. (Source: Discovering LDP 
Neighbors) 
Q39) Exchanging initialization messages is what step in the LDP session negotiation 
process? (Source: Discovering LDP Neighbors) 
A) first step in LDP session negotiation 
B) second step in LDP session negotiation 
C) third step in LDP session negotiation 
D) not required in LDP session negotiation 
Q40) By default, ATM LSRs establish IP adjacency across which VPI/VCI virtual circuit? 
(Source: Discovering LDP Neighbors) 
A) 0/32 
B) 1/32 
C) 32/0 
D) 32/1 
Q41) LDP discovers nonadjacent neighbors by broadcasting IP addresses. (Source: 
Discovering LDP Neighbors) 
Q42) LDP and TDP use which two well-known port numbers? (Choose two.) (Source: 
Discovering LDP Neighbors) 


A) LDP uses 464. 
B) LDP uses 646. 
C) LDP uses 711. 
D) TDP uses 171. 
E) TDP uses 646. 
F) TDP uses 711. 


Q43) In frame-mode MPLS networks, the number of LDP sessions that are required between 
neighbors is determined by? (Source: Discovering LDP Neighbors) 


A) the number of interfaces 
B) the number of different label spaces 
C) the number of LDP processes running on a router 
D) the information contained in the source address field of the hello message 
response 
Module Self-Check Answer Key 


Q1) C 
Q2) A 
Q3) A, B, D 
Q4) D 
Q5) B 
Q6) A, D 
Q7) D 
Q8) B, D 
Q9) C 
Q10) C 
Q11) D 
Q12) A, B, C 
Q13) B 
Q14) A, C, D 
Q15) A 
Q16) A, C 
Q17) B 
Q18) C 
Q19) C 
Q20) B 
Q21) C 
Q22) A 
Q23) B 
Q24) C 
Q25) B 
Q26) C 
Q27) B 
Q28) B 
Q29) per-interface, per-platform 
Q30) A, B 
Q31) independent, ordered (or ordered, independent) 
Q32) C, D 
Q33) D 
Q34) B, C 
Q35) B 
Q36) 
Q37) 
Q38) 
Q39) 
Q40) 
Q41) 
Q42) 
Q43) 
Module 3 


Frame-Mode and Cell-Mode 
MPLS Implementation on 
Cisco IOS Platforms 


Overview 


This module provides a review of switching implementations, focusing on Cisco Express 
Forwarding (CEF). The module also covers the details of implementing frame-mode and cell- 
mode Multiprotocol Label Switching (MPLS) on Cisco IOS platforms, giving detailed 
configuration, monitoring, and debugging guidelines. In addition, this module includes the 
advanced topics of controlling time-to-live (TTL) propagation and label distribution. 


Module Objectives 


Upon completing this module, you will be able to describe the tasks and commands necessary 
to implement MPLS on frame-mode and label-controlled ATM (LC-ATM) Cisco IOS 
platforms. This ability includes being able to meet these objectives: 


* Explain the features of CEF switching 
* Configure frame-mode MPLS on Cisco IOS platforms 
* Monitor frame-mode MPLS on Cisco IOS platforms 
* Troubleshoot frame-mode MPLS problems on Cisco IOS platforms 
* Configure LC-ATM MPLS 
* Configure LC-ATM MPLS over ATM Virtual Path 
* Monitor LC-ATM MPLS on Cisco IOS platforms 


Lesson 1 


Introducing CEF Switching 


Overview 


This lesson explains the Cisco IOS platform switching mechanisms by reviewing standard IP 
switching and CEF switching, including configuration and monitoring commands. 


It is important to understand what part CEF switching plays in an MPLS network. CEF must be 
running as a prerequisite to running MPLS on a Cisco router; therefore, an understanding of the 
purpose of CEF and how it functions will provide an awareness of how the network uses CEF 
information when forwarding packets. 


Objectives 


Upon completing this lesson, you will be able to describe the features of CEF switching. This 
ability includes being able to meet these objectives: 


* Describe the various switching mechanisms used by Cisco IOS platforms 
* Describe the function of standard IP switching on Cisco IOS platforms 
* Describe the architecture of CEF switching 
* Explain how to configure IP CEF switching 
* Describe how to monitor IP CEF switching 


What Are Cisco IOS Platform Switching Mechanisms? 


This topic describes the various switching mechanisms used by Cisco IOS platforms. 


Cisco IOS Platform Switching Mechanisms 


The Cisco IOS platform supports three IP 
switching mechanisms: 


* Routing table driven switching: process switching 
  - Full lookup at every packet 
* Cache driven switching: fast switching 
  - Most recent destinations entered in the cache 
  - First packet always process-switched 
* Topology driven switching 
  - CEF (prebuilt FIB table) 


The first and the oldest switching mechanism available in Cisco routers is process switching. 
Because process switching must find a destination in the routing table (possibly a recursive 
lookup) and construct a new Layer 2 frame header for every packet, it is very slow and is 
normally not used. 


To overcome the slow performance of process switching, Cisco IOS platforms support several 
switching mechanisms that use a cache to store the most recently used destinations. The cache 
uses a faster searching mechanism, and it stores the entire Layer 2 frame header to improve the 
encapsulation performance. The first packet whose destination is not found in the fast- 
switching cache is process-switched, and an entry is created in the cache. The subsequent 
packets are switched in the interrupt code using the cache to improve performance. 


The latest and preferred Cisco IOS platform switching mechanism is CEF, which incorporates 
the best of the previous switching mechanisms. CEF supports per-packet load balancing 
(previously supported only by process switching), per-source or per-destination load balancing, 
fast destination lookup, and many other features not supported by other switching mechanisms. 


The CEF cache, or Forwarding Information Base (FIB) table, is essentially a replacement for 
the standard routing table. 
Using Standard IP Switching 


This topic describes the function of standard IP switching on Cisco IOS platforms. 


Standard IP Switching Review 


[Figure: the BGP table (address prefix, AS path, communities, other attributes), the IP routing table (protocol, address prefix, next hop, outgoing interface), the switching cache (address, Layer 2 header), and the ARP cache (IP address, MAC address)] 


There is a specific sequence of events that occurs when process switching and fast switching 
are used for destinations learned through Border Gateway Protocol (BGP). 


Example: Standard IP Switching 
The figure illustrates this process. The following describes the sequence of events: 
* When a BGP update is received and processed, an entry is created in the routing table. 

* When the first packet arrives for this destination, the router tries to find the destination in 
the fast-switching cache. Because the destination is not in the fast-switching cache, process 
switching has to switch the packet when the process is run. The process performs a 
recursive lookup to find the outgoing interface. The process switching may possibly trigger 
an Address Resolution Protocol (ARP) request or find the Layer 2 address in the ARP 
cache. Finally, it creates an entry in the fast-switching cache. 

* All subsequent packets for the same destination are fast-switched, as follows: 
  - The switching occurs in the interrupt code (the packet is processed immediately). 
  - Fast destination lookup is performed (no recursion). 
  - The encapsulation uses a pregenerated Layer 2 header that contains the destination 
    and Layer 2 source (MAC) address. (No ARP request or ARP cache lookup is 
    necessary.) 


Whenever a router receives a packet that should be fast-switched but the destination is not in 
the switching cache, the packet is process-switched. A full routing table lookup is performed, 
and an entry in the fast-switching cache is created to ensure that the subsequent packets for the 
same destination prefix will be fast-switched. 
What Is CEF Switching Architecture? 


This topic describes the architecture of CEF switching. 


CEF Switching Review 


[Figure: the BGP table (address prefix, AS path, communities, other attributes), the IP routing table (protocol, address prefix, next hop, outgoing interface), the FIB table or CEF cache (address prefix, adjacency pointer), the adjacency table (IP address, Layer 2 header), and the ARP cache (IP address, MAC address)] 


CEF uses a different architecture from process switching or any other cache-based switching 
mechanism. CEF uses a complete IP switching table, the FIB table, which holds the same 
information as the IP routing table. The generation of entries in the FIB table is not packet- 
triggered but change-triggered. When something changes in the IP routing table, the change is 
also reflected in the FIB table. 


Because the FIB contains the complete IP switching table, the router can make definitive 
decisions based on the information in it. Whenever a router receives a packet that should be 
CEF-switched, but the destination is not in the FIB, the packet is dropped. 


The FIB table is also different from other fast-switching caches in that it does not contain 
information about the outgoing interface and the corresponding Layer 2 header. That 
information is stored in a separate table, the adjacency table. This table is more or less a copy 
of the ARP cache, but instead of holding only the destination MAC address, it holds the Layer 
2 header. 


Note If the router carries full Internet routing (around 100,000+ networks), enabling the CEF may 
consume additional memory. Enabling the distributed CEF will also affect memory utilization 
on Versatile Interface Processor (VIP) modules (Cisco 7500 series routers) or line cards 
(Cisco 12000 series Internet routers), because the entire FIB table will be copied to all VIP 
modules or line cards. 
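

The contrast between the packet-triggered fast-switching cache and the change-triggered FIB with its separate adjacency table can be made concrete with a small model. The following Python code is an added example, not Cisco code: the routes, the ARP entry and the interface name are constructed to resemble the figure, and all function and class names are hypothetical.

```python
import ipaddress

# Constructed sample data modelled on the figure: a BGP route whose next hop is
# reached through an OSPF route, which points at a directly connected neighbour.
ROUTES = [  # (prefix, protocol, next hop, outgoing interface)
    ("10.0.0.0/8", "BGP", "1.2.3.4", None),
    ("1.2.3.0/24", "OSPF", "1.5.4.1", "Ethernet0"),
    ("1.5.4.0/24", "conn", None, "Ethernet0"),
]
ARP_CACHE = {"1.5.4.1": "0c00.1122.3344"}


def longest_match(table, addr):
    """Return the (network, value) pair with the longest prefix covering addr."""
    ip = ipaddress.ip_address(addr)
    hits = [(net, val) for net, val in table if ip in net]
    return max(hits, key=lambda h: h[0].prefixlen, default=None)


def build_rib(routes):
    """Routing table as a list of (network, (next hop, interface))."""
    return [(ipaddress.ip_network(p), (nh, ifc)) for p, _proto, nh, ifc in routes]


def resolve(rib, next_hop, interface):
    """Recursive lookup: follow next hops until an outgoing interface is known."""
    for _ in range(8):  # bound the recursion depth
        if interface is not None:
            return next_hop, interface
        if next_hop is None:
            return None
        hit = longest_match(rib, next_hop)
        if hit is None:
            return None
        via, interface = hit[1]
        next_hop = via or next_hop  # connected route: the neighbour is the next hop
    return None


def build_fib(routes, arp_cache):
    """Change-triggered: rebuilt when the routing table or ARP cache changes."""
    rib = build_rib(routes)
    fib = []
    for net, (nh, ifc) in rib:
        resolved = resolve(rib, nh, ifc)  # recursion is done once, here
        if resolved is not None:
            fib.append((net, resolved))
    # Adjacency table: like the ARP cache, but it stores the Layer 2 header.
    adjacency = {ip: f"MAC header to {mac}" for ip, mac in arp_cache.items()}
    return fib, adjacency


def cef_switch(fib, adjacency, dst):
    """Forward one packet using only the prebuilt FIB and adjacency table."""
    hit = longest_match(fib, dst)
    if hit is None:
        return "drop"  # the FIB is complete, so a miss is definitive
    next_hop, interface = hit[1]
    neighbour = next_hop or dst  # directly connected destination
    header = adjacency.get(neighbour)
    if header is None:
        return "no adjacency"  # this model stops here (Layer 2 address unknown)
    return f"{interface} via {neighbour} [{header}]"


class FastSwitch:
    """Cache-driven model: the first packet to a destination creates the entry."""

    def __init__(self, routes, arp_cache):
        self.rib = build_rib(routes)
        self.arp = arp_cache
        self.cache = {}  # destination prefix -> (interface, Layer 2 header)

    def switch(self, dst):
        ip = ipaddress.ip_address(dst)
        if any(ip in net for net in self.cache):
            return "fast"  # cache hit: no routing table lookup, no ARP lookup
        hit = longest_match(self.rib, dst)  # process switching: full lookup
        resolved = resolve(self.rib, *hit[1]) if hit else None
        if resolved is None:
            return "drop"
        next_hop, interface = resolved
        neighbour = next_hop or dst
        if neighbour not in self.arp:
            return "drop"  # this model does not send ARP requests
        key = hit[0] if next_hop else ipaddress.ip_network(dst)
        self.cache[key] = (interface, f"MAC header to {self.arp[neighbour]}")
        return "process"


if __name__ == "__main__":
    fib, adjacency = build_fib(ROUTES, ARP_CACHE)
    print(cef_switch(fib, adjacency, "10.1.1.1"))
    fast = FastSwitch(ROUTES, ARP_CACHE)
    print(fast.switch("10.1.1.1"), fast.switch("10.2.2.2"))
```
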
Configuring IP CEF 


This topic describes how to configure CEF on Cisco IOS platforms. 


Configuring IP CEF 


Router(config)# 
ip cef [distributed] 

* This command starts CEF switching and creates the FIB table. 
* The distributed keyword configures distributed CEF (running on VIP or line cards). 
* All CEF-capable interfaces run CEF switching. 

Router(config-if)# 
no ip route-cache cef 

* Disables CEF switching on an interface 
* Usually not needed 


ip cef 


To enable CEF on the route processor card, use the ip cef command in global configuration 
mode. To disable CEF, use the no form of this command. Use the following form of the two 
commands: 


* ip cef [distributed] 
* no ip cef [distributed] 


Syntax Description 


distributed (optional): Enables the distributed CEF operation. Distributes the CEF information 
to the line cards. The line cards perform express forwarding. 


CEF is disabled by default, excluding these platforms: 
* CEF is enabled on the Cisco 7100 series router. 
* CEF is enabled on the Cisco 7200 series router. 
* CEF is enabled on the Cisco 7500 series Internet router. 
* Distributed CEF is enabled on the Cisco 6500 series router. 
* Distributed CEF is enabled on the Cisco 12000 series Internet router. 


ip route-cache cef 


To enable CEF operation on an interface after the CEF operation has been disabled, use the ip 
route-cache cef command in interface configuration mode. To disable CEF operation on an 
interface, use the no form of this command. Use the following form of the two commands: 


* ip route-cache cef 
* no ip route-cache cef 


Syntax Description 


This command has no arguments or keywords. 


Defaults 


When standard CEF or distributed CEF operations are enabled globally, all interfaces that 
support CEF are enabled by default. 
Monitoring IP CEF 


This topic describes how to monitor CEF on Cisco IOS platforms. 


Monitoring IP CEF 


Router#show ip cef detail 
IP CEF with switching (Table Version 6), flags=0x0 
  6 routes, 0 reresolve, 0 unresolved (0 old, 0 new) 
  9 leaves, 11 nodes, 12556 bytes, 9 inserts, 0 invalidations 
  0 load sharing elements, 0 bytes, 0 references 
  2 CEF resets, 0 revisions of existing leaves 
  refcounts: 543 leaf, 544 node 

Adjacency Table has 4 adjacencies 
0.0.0.0/32, version 0, receive 
192.168.3.1/32, version 3, cached adjacency to Serial0/0.10 
0 packets, 0 bytes 
  tag information set 
    local tag: 28 
    fast tag rewrite with Se0/0.10, point2point, tags imposed: {28} 
  via 192.168.3.10, Serial0/0.10, 0 dependencies 
    next hop 192.168.3.10, Serial0/0.10 
    valid cached adjacency 
    tag rewrite with Se0/0.10, point2point, tags imposed: {28} 


show ip cef 


To display unresolved entries in the FIB or to display a summary of the FIB, use the following 
form of the show ip cef EXEC command: show ip cef [unresolved | summary]. 


To display specific entries in the FIB based on IP address information, use the following form 
of the show ip cef command in EXEC mode: show ip cef [network [mask [longer-prefix]]] 
[detail]. 


To display specific entries in the FIB based on interface information, use the following form of 
the show ip cef command in EXEC mode: show ip cef [type number] [detail]. 
This table describes the parameters for the show ip cef command. 


show ip cef Syntax Description 


Parameter       Description 
unresolved      (Optional) Displays unresolved FIB entries. 
summary         (Optional) Displays a summary of the FIB. 
network         (Optional) Displays the FIB entry for the specified destination network. 
mask            (Optional) Displays the FIB entry for the specified destination network and mask. 
longer-prefix   (Optional) Displays the FIB entries for all the specific destinations. 
detail          (Optional) Displays detailed FIB entry information. 
type number     (Optional) Interface type and number for which to display FIB entries. 
Summary 


This topic summarizes the key points discussed in this lesson. 


Summary 


* Three different switching mechanisms are used on Cisco IOS platforms: routing table 
  driven, cache driven, and topology driven. 
* Entries received with no destination address information are process-switched; 
  subsequent packets are fast-switched. 
* Generation of entries in the FIB table is caused by a change trigger; when something in 
  the routing table changes, the change is also reflected in the FIB table. 
* CEF is configured globally. 
* The show ip cef command is used to monitor CEF operation. 


Lesson 2 


Configuring Frame-Mode 
MPLS on Cisco IOS Platforms 


Overview 


This lesson describes how to configure frame-mode MPLS on Cisco IOS platforms. The 
mandatory configuration tasks, and commands and their correct syntax usage, are discussed in 
this lesson. The lesson also covers some advanced configurations such as label-switching 
maximum transmission unit (MTU), IP TTL propagation, and conditional label distribution. 
Also discussed in this lesson is the operation of frame-mode MPLS over switched WAN media. 


It is important to understand how to enable and configure MPLS to successfully complete the 
lab for this lesson. 


Objectives 


This lesson describes how to configure frame-mode MPLS on Cisco IOS platforms. This ability 
includes being able to meet these objectives: 


* Describe the MPLS configuration tasks 
* Configure the MPLS ID on a router 
* Configure MPLS on a frame-mode interface 
* Configure a label-switching MTU 
* Configure IP TTL propagation 
* Configure conditional label distribution 
* Configure frame-mode MPLS on switched WAN media 


What Are MPLS Configuration Tasks? 


This topic describes the MPLS configuration tasks. 


MPLS Configuration Tasks 


Mandatory: 
* Enable CEF switching. 
* Configure TDP or LDP on every label-enabled interface. 

Optional: 
* Configure the MPLS ID. 
* Configure MTU size for labeled packets. 
* Configure IP TTL propagation. 
* Configure conditional label advertising. 


To enable MPLS, you must first enable CEF switching. Depending on the Cisco IOS software 
version, you may need to establish the range for the label pool. 


You must enable Tag Distribution Protocol (TDP) or Label Distribution Protocol (LDP) on the 
interface by using either tag switching or label switching. 


Optionally, the maximum size of labeled packets may be changed. 


By default, the TTL field is copied from the IP header and placed in the MPLS label when a 
packet enters an MPLS network. To prevent core routers from responding with Internet 
Control Message Protocol (ICMP) TTL exceeded messages, disable TTL propagation. If TTL 
propagation is disabled, the value in the TTL field of the label is 255. 


Note Ensure that all routers have TTL propagation either enabled or disabled. If TTL is enabled in 
some routers and disabled in others, the result may be that a packet leaving the MPLS 
domain will have a larger TTL value than when it entered. 


By default, a router will generate and propagate labels for all networks that it has in the routing 
table. If label switching is required for only a limited number of networks (for example, only 
for router loopback addresses), configure the conditional label advertising. 
Configuring the MPLS ID on a Router 


This topic describes how to configure the MPLS ID on a router. 


Configuring the MPLS ID on a Router 


router(config)# 
mpls ldp router-id interface [force] 12.0(10)ST 

Specifies a preferred interface for determining the LDP router ID: 

* Parameters 
  - interface: Causes the IP address of the specified interface to be used as the LDP 
    router ID, provided that the interface is operational. 
  - force: Alters the behavior of the mpls ldp router-id command to force the use of the 
    named interface as the LDP router ID. 


mpls ldp router-id 


To specify a preferred interface for determining the LDP router ID, use the mpls ldp router-id 
command in global configuration mode. To remove the preferred interface for determining the 
LDP router ID, use the no form of this command. The following illustrates the two commands: 


* mpls ldp router-id interface [force] 
* no mpls ldp router-id 


This table describes the parameters for the mpls ldp router-id command. 


mpls ldp router-id Syntax Description 


Parameter   Description 
interface   Causes the IP address of the specified interface to be used as the LDP router ID, 
            provided that the interface is operational. 
force       (Optional) Alters the behavior of the mpls ldp router-id command to force the use 
            of the named interface as the LDP router ID. 


Defaults 


The mpls ldp router-id command is disabled. 
Configuring MPLS on a Frame-Mode Interface 


This topic describes how to configure MPLS on a frame-mode interface. 


Configuring MPLS on a Frame-Mode 
Interface 


Router(config-if)# 

* Enables label switching on a frame-mode interface. 
* Starts LDP on the interface. 

Router(config-if)# 
mpls label protocol [tdp | ldp | both] 

* Starts selected label distribution protocol on the specified interface. 


mpls ip 


To enable label switching of IP version 4 (IPv4) packets on an interface, use the mpls ip 
command in interface configuration mode. To disable IP label switching on this interface, use 
the no form of this command. The following illustrates the two commands: 


* mpls ip 
* no mpls ip 


Syntax Description 


This command has no arguments or keywords. 


Defaults 


Label switching of IPv4 packets is disabled on this interface. 
mpls label protocol [tdp | ldp | both] 


To select the label distribution protocol to be used on an interface, use the mpls label protocol 
command in interface configuration mode. To revert to the default label distribution protocol, 
use the no form of this command. The following illustrates the two commands: 


* mpls label protocol <protocol> 
* no mpls label protocol <protocol> 


This table describes the parameters for the mpls label protocol [tdp | ldp | both] command. 


mpls label protocol [tdp | ldp | both] Syntax Description 


Parameter   Description 
tdp         Enables TDP on an interface. 
ldp         Enables LDP on an interface. 
both        Enables TDP and LDP on an interface. 


Defaults 


TDP is the default protocol. 


Note For backward compatibility, commands entered with the “mpls” syntax are stored in the 
configuration with the “tag-switching” syntax by the IOS software. 
Configuring MPLS on a Frame-Mode Interface: 
Example 


[Figure: routers at the edge of the provider network, each shown with its configuration] 


Enable MPLS on all core interfaces in your network. 

ip cef 
! 
interface serial 2/1 
 mpls ip 
! 
interface fastethernet 0/0 
 mpls ip 


Use access lists to prevent customers from running TDP with your routers. 

ip cef 
! 
interface serial 3/1 
 ip access-group NoTDP in 
! 
interface serial 2/1 
 mpls ip 
! 
ip access-list extended NoTDP 
 deny tcp any any eq 711 
 permit ip any any 
Example: Configuring MPLS on a Frame-Mode Interface 


The figure shows the configuration steps needed to enable MPLS on an edge label switch router 
(LSR). The configuration includes an ACL that denies any attempt to establish a TDP session 
from an interface that is not enabled for MPLS. In the example in the figure, router A has 
“NoTDP” access-list on serial 3/1, which is not enabled for MPLS. 


You must globally enable CEF switching, which automatically enables CEF on all interfaces 
that support it. (CEF is not supported on logical interfaces, such as loopback interfaces.) 


Nonbackbone interfaces have an input ACL that denies TCP sessions on the well-known port 
number 711 (TDP). 
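

One way to check a saved configuration against the rule described above, as an added example that is not part of the course material: the Python script below flags every interface that does not run MPLS and lacks an inbound ACL denying the TDP session port 711. It also checks LDP's TCP port 646, which goes beyond the slide; the sample configuration is constructed, the function names are hypothetical, and every non-MPLS interface is assumed to be customer-facing.

```python
import re

# TCP ports of the label distribution sessions: TDP 711 (the port in the
# course ACL) and LDP 646 (added here; checking it goes beyond the slide).
SESSION_PORTS = {"TDP": 711, "LDP": 646}

# Constructed sample configuration in the style of the router A example.
SAMPLE_CONFIG = """\
ip cef
!
interface serial 2/1
 mpls ip
!
interface serial 3/1
 ip access-group NoTDP in
!
interface serial 3/2
 ip address 192.0.2.1 255.255.255.252
!
ip access-list extended NoTDP
 deny tcp any any eq 711
 permit ip any any
"""

ACE = re.compile(r"(?:\d+\s+)?(permit|deny)\s+(\S+)\s+(.*)$", re.I)


def parse_config(text):
    """Split an IOS-style config into interface blocks and named extended ACLs."""
    interfaces, acls, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            current = None
        elif raw[0].isspace():  # indented line belongs to the open block
            if current is not None:
                current.append(line)
        else:
            m_if = re.match(r"interface\s+(.+)$", line, re.I)
            m_acl = re.match(r"ip access-list extended\s+(\S+)$", line, re.I)
            if m_if:
                name = re.sub(r"\s+", "", m_if.group(1)).lower()
                current = interfaces.setdefault(name, [])
            elif m_acl:
                current = acls.setdefault(m_acl.group(1), [])
            else:
                current = None
    return interfaces, acls


def acl_blocks_tcp_port(entries, port):
    """First-match evaluation: is TCP traffic to `port` denied from any source?"""
    for entry in entries:
        m = ACE.match(entry)
        if not m:
            continue  # remarks and unrecognised lines
        action, proto, rest = (g.strip().lower() for g in m.groups())
        if proto not in ("ip", "tcp"):
            continue  # other protocols never match a TCP session
        if rest == "any any":
            return action == "deny"
        m_eq = re.fullmatch(r"any any eq (\d+)", rest)
        if m_eq:
            if int(m_eq.group(1)) == port:
                return action == "deny"
            continue
        if action == "permit":
            return False  # a narrower permit may let the session through
    return True  # implicit deny at the end of the list


def audit(text):
    """Return {interface: [findings]} for interfaces that do not run MPLS."""
    interfaces, acls = parse_config(text)
    report = {}
    for name, lines in interfaces.items():
        if any(re.fullmatch(r"(mpls|tag-switching) ip", l, re.I) for l in lines):
            continue  # label-enabled interface: sessions are expected here
        acl_name = None
        for l in lines:
            m = re.fullmatch(r"ip access-group (\S+) in", l, re.I)
            if m:
                acl_name = m.group(1)
        findings = []
        if acl_name is None:
            findings.append("no inbound ACL")
        elif acl_name not in acls:
            findings.append(f"inbound ACL {acl_name} is not defined")
        else:
            for proto, port in sorted(SESSION_PORTS.items()):
                if not acl_blocks_tcp_port(acls[acl_name], port):
                    findings.append(f"{proto} (tcp/{port}) not denied by {acl_name}")
        if findings:
            report[name] = findings
    return report


if __name__ == "__main__":
    for interface, findings in audit(SAMPLE_CONFIG).items():
        print(interface, "->", "; ".join(findings))
```
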
Configuring MPLS on a Frame-Mode Interface: 
Example 


[Figure: a router connected to a Cisco router running only TDP and to routers of other vendors running only LDP] 


ip cef 
! 
interface serial 1/0 
 mpls ip 
 mpls label protocol tdp 
! 
interface serial 2/1 
 mpls ip 
 mpls label protocol ldp 
! 
interface fastethernet 0/0 
 mpls ip 
 mpls label protocol both 


When combining Cisco routers with equipment of other vendors, you may need to use standard 
LDP (MPLS). TDP (tag switching) can be replaced by LDP on point-to-point interfaces. 
However, you can also use both protocols on shared media if some devices do not support 
TDP. 


Label switching is more or less independent of the distribution protocol, so there should be no 
problem in mixing the two protocols. TDP and LDP are functionally very similar, and both 
populate the label information base (LIB) table. 
Configuring a Label-Switching MTU 


This topic describes how to configure a label-switching MTU. 


Configuring a Label-Switching MTU 


Router(config-if)# 
mpls mtu bytes 

* Label switching increases the maximum MTU requirements on an interface, because of 
  additional label header. 
* Interface MTU is automatically increased on WAN interfaces; IP MTU is automatically 
  decreased on LAN interfaces. 
* Label-switching MTU can be increased on LAN interfaces (resulting in jumbo frames) to 
  prevent IP fragmentation. 
* The jumbo frames are not supported by all LAN switches. 


mpls mtu 


To set the per-interface MTU for labeled packets, use the mpls mtu interface configuration 
command. The following shows these commands: 


* mpls mtu bytes 
* no mpls mtu 


This table describes the parameters for the mpls mtu command. 


mpls mtu Syntax Description 


Parameter   Description 
bytes       MTU in bytes 


Defaults 


The minimum MTU is 64 bytes (B). The maximum depends on the type of interface medium. 
Configuring Label-Switching MTU: Example 


[Figure: routers connected through a Cat6000 LAN switch, each shown with its configuration] 


Jumbo frames have to be enabled on the switch. 

set port 1/4 jumbo enable 


interface serial 0/0 
 mpls ip 
! 
interface fastethernet 0/0 
 mpls ip 
 mpls mtu 1512 


ip cef 
! 
interface fastethernet 0/0 
 mpls ip 
 mpls mtu 1512 


MPLS MTU is increased to 1512 to support 1500-B IP packets and MPLS 
stack up to 3 levels deep. 


One way of preventing labeled packets from exceeding the maximum size (and being 
fragmented as a result) is to increase the MTU size of labeled packets for all segments in the 
label-switched path (LSP) tunnel. The problem will typically occur on LAN switches, where it 
is more likely that a device does not support oversized packets (also called jumbo frames or, 
sometimes, giants or baby giants). Some devices support jumbo frames, and some need to be 
configured to support them. 


The MPLS MTU size is increased automatically on WAN interfaces and needs to be increased 
manually on LAN interfaces. 


The MPLS MTU size has to be increased on all LSRs attached to a LAN segment. 
Additionally, the LAN switches used to implement switched LAN segments need to be 
configured to support jumbo frames. No additional configuration is necessary for shared LAN 
segments implemented with hubs. 


A different approach is needed if a LAN switch does not support jumbo frames. The problem 
may be even worse for networks that do not allow ICMP MTU discovery messages to be 
forwarded to sources of packets and if the Don’t Fragment (DF) bit is strictly used. This 
situation can be encountered where firewalls are used. 
Configuring IP TTL Propagation 


This topic describes how to configure IP TTL propagation. 


Configuring IP TTL Propagation 


Router(config)# 
no mpls ip propagate-ttl 

* By default, IP TTL is copied into the MPLS label at label imposition, and the MPLS label 
  TTL is copied (back) into the IP TTL at label removal. 
* This command disables IP TTL and label TTL propagation. 
  - TTL value of 255 is inserted in the label header. 
* The TTL propagation has to be disabled on ingress and egress edge LSRs. 


mpls ip propagate-ttl 


To set the TTL value on output when the IP packets are being encapsulated in MPLS, use the 
mpls ip propagate-ttl command in privileged EXEC mode. To disable this feature, use the no 
form of this command. The following illustrates these two commands: 


* mpls ip propagate-ttl 
* no mpls ip propagate-ttl 


Syntax Description 


This command has no optional keywords or arguments. 


Defaults 


The MPLS TTL value on packet output is set based on the IP TTL value on packet input. 
Configuring IP TTL Propagation: 
Example 


C1#trace C2.cust.com 
Tracing the route to C2.cust.com 
1 A.provider.net 44 msec 36 msec 32 msec 
2 B.provider.net 164 msec 132 msec 128 msec 
3 C.provider.net 148 msec 156 msec 152 msec 
4 C2.cust.com 180 msec * 181 msec 


Example: Configuring IP TTL Propagation 


The figure illustrates typical traceroute behavior in an MPLS network. Because the label header 
of a labeled packet carries the TTL value from the original IP packet, the routers in the path can 
drop packets when the TTL is exceeded. Traceroute will therefore show all the routers in the 
path. This is the default behavior. 


In the example, router C1 is executing a trace command that results in this behavior. The steps 
for this process are as follows: 


Step 1 The first packet is an IP packet with TTL=1. Router A decreases the TTL and drops 
the packet because it reaches 0. An ICMP TTL exceeded message is sent to the 
source. 


Step 2 The second packet sent is an IP packet with TTL=2. Router A decreases the TTL, 
labels the packet (the TTL from the IP header is copied into the label), and forwards 
the packet to router B. 


Step 3 Router B decreases the TTL value, drops the packet, and sends an ICMP TTL 
exceeded message to the source. 


Step 4 The third packet (TTL=3) experiences a similar processing to the previous packets, 
except that router C is not the one dropping the packet based on the TTL in the IP 
header. Router B, because of penultimate hop popping (PHP), previously removed 
the label, and the TTL was copied back to the IP header (or second label). 


The fourth packet (TTL=4) reaches the final destination, where the TTL of the IP packet is 
examined. 
Configuring IP TTL Propagation: 
Disabling IP TTL Propagation Example 


[Figure: provider network] 


C1#trace C2.cust.com 
Tracing the route to C2.cust.com 
1 A.provider.net 44 msec 36 msec 32 msec 
2 C2.cust.com 180 msec * 181 msec 


ip cef 
no mpls ip propagate-ttl 
! 
interface serial 0/0 
 mpls ip 


A#trace C2.cust.com 
Tracing the route to C2.cust.com 
1 C2.cust.com 180 msec * 181 msec 


With TTL propagation disabled, the trace command displays only the 
ingress provider router (and sometimes the egress provider router). 


If TTL propagation is disabled, the TTL value is not copied into the label header. Instead, the 
label TTL field is set to 255. The probable result is that the TTL field in the label header will 
not be decreased to 0 by any router inside the MPLS domain (unless there is a forwarding loop 
inside the MPLS network). 


If the traceroute command is used, ICMP replies are received only from those routers that see 
the real TTL stored in the IP header. 


Example: Disabling IP TTL Propagation 


In the figure, router C1 is executing the traceroute command, but the core routers do not copy 
the TTL to and from the label. This situation results in the following behavior: 


Step 1 The first packet is an IP packet with TTL=1. Router A decreases the TTL, drops the 
packet, and sends an ICMP TTL exceeded message to the source. 


Step 2 The second packet is an IP packet with TTL=2. Router A decreases the TTL, labels 
the packet, and sets the TTL to 255. 


Step 3 Router B decreases the TTL in the label to 254 and forwards a labeled packet with 
TTL set to 254. 


Step 4 Router C removes the label, decreases the IP TTL, and sends the packet to the next- 
hop router (C2). The packet has reached the final destination. 


Note: The egress MPLS router may, in some cases, be seen in the trace printout, for example, if
the route toward C2 is carried in BGP, not in the Interior Gateway Protocol (IGP).


Configuring IP TTL Propagation:
Extended Options


Router(config)#
no mpls ip propagate-ttl [forwarded | local]


Selectively disables IP TTL propagation for:


* Forwarded traffic (Traceroute does not work for
transit traffic labeled by this router.)


* Local traffic (Traceroute does not work from the
router but works for transit traffic labeled by this
router.)


mpls ip propagate-ttl 


Use the mpls ip propagate-ttl command to control generation of the TTL field in the label 
when the label is first added to the IP packet. By default, this command is enabled, which 
means that the TTL field is copied from the IP header and inserted into the MPLS label. This 
aspect allows a trace command to show all of the hops in the network. 


To use a fixed TTL value (255) for the first label of the IP packet, use the no form of the mpls 
ip propagate-ttl command. This action hides the structure of the MPLS network from a trace 
command. Specify the types of packets to be hidden by using the forwarded and local 
arguments. Specifying no mpls ip propagate-ttl forwarded allows the structure of the MPLS 
network to be hidden from customers but not from the provider. Here are the most common 
applications of this command: 


* mpls ip propagate-ttl [forwarded | local]


* no mpls ip propagate-ttl [forwarded | local]


This table describes the parameters for the mpls ip propagate-ttl command. 


mpls ip propagate-ttl Syntax Description 


Parameter Description 


forwarded (Optional) Hides the structure of the MPLS network from a trace 
command only for forwarded packets. Prevents the trace 
command from showing the hops for forwarded packets. 


local (Optional) Hides the structure of the MPLS network from a trace
command only for local packets. Prevents the trace command
from showing the hops only for local packets.


Defaults


By default, this command is enabled. The TTL field is copied from the IP header. A trace 
command shows all of the hops in the network. 


Command Modes 


The mpls ip propagate-ttl command is used in global configuration mode. 


Usage Guidelines 


By default, the mpls ip propagate-ttl command is enabled, and the IP TTL value is copied to 
the MPLS TTL field during label imposition. To disable TTL propagation for all packets, use 
the no mpls ip propagate-ttl command. To disable TTL propagation only for forwarded 
packets, use the no mpls ip propagate-ttl forwarded command. This action allows the 
structure of the MPLS network to be hidden from customers, but not from the provider. 


This feature supports the Internet Engineering Task Force (IETF) document “ICMP Extensions 
for Multiprotocol Label Switching.” 




Configuring IP TTL Propagation:
Disabling IP TTL Propagation Example


C1#trace C2.cust.com

Tracing the route to C2.cust.com

1 A.provider.net 44 msec 36 msec 32 msec
2 C2.cust.com 180 msec * 181 msec


Provider Network

ip cef
no mpls ip propagate-ttl forwarded

interface serial 0/0
mpls ip


A#trace C2.cust.com
Tracing the route to C2.cust.com
1 B.provider.net 164 msec 132 msec 128 msec
2 C.provider.net 148 msec 156 msec 152 msec
3 C2.cust.com 180 msec * 181 msec


Selective IP TTL propagation hides the provider network from the
customer but still allows troubleshooting.


Typically, a service provider likes to hide the backbone network from outside users but allow 
inside traceroute to work for easier troubleshooting of the network. 


This goal can be achieved by disabling TTL propagation for forwarded packets only, as 
described here: 


* If a packet originates in the router, the real TTL value is copied into the label TTL.


* If the packet is received through an interface, the TTL field in a label is assigned a value of
255.


The result is that someone using traceroute on a provider router will see all of the backbone 
routers. Customers will see only edge routers. 


The opposite behavior can be achieved by using the no mpls ip propagate-ttl local command, 
although this is not usually desired. 
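The trace printouts in this topic can be reproduced with a small model of the TTL handling described above. This is an added example, not Cisco code; the function names are hypothetical, and it assumes that with propagation disabled the egress LSR forwards without a further IP TTL decrement, which matches the printouts here but not the egress-router case in the Note.

```python
"""Model of traceroute across the frame-mode MPLS path C1 - A - B - C - C2.

Added illustration, not Cisco code. Assumption: with propagation disabled the
egress LSR forwards without a further IP TTL decrement, as in the printouts.
"""

FIXED_LABEL_TTL = 255  # label TTL imposed when the IP TTL is not propagated

# IOS global command on the ingress LSR -> (forwarded, local) propagation flags
CONFIGS = {
    "mpls ip propagate-ttl": (True, True),
    "no mpls ip propagate-ttl": (False, False),
    "no mpls ip propagate-ttl forwarded": (False, True),
    "no mpls ip propagate-ttl local": (True, False),
}


def probe(ip_ttl, lsrs, dest, local, propagate):
    """Return the node that answers a single probe sent with ip_ttl."""
    ingress, core, egress = lsrs[0], lsrs[1:-1], lsrs[-1]
    if not local:
        # Transit packet: the ingress LSR is an ordinary IP hop before labeling.
        ip_ttl -= 1
        if ip_ttl == 0:
            return ingress
    # Label imposition: copy the IP TTL or hide it behind the fixed value.
    label_ttl = ip_ttl if propagate else FIXED_LABEL_TTL
    for lsr in core:
        label_ttl -= 1
        if label_ttl == 0:
            return lsr  # TTL exceeded inside the core (normal hop or a loop)
    if propagate:
        # PHP copies the label TTL back to the IP header, so the egress LSR
        # decrements the real remaining hop budget.
        ip_ttl = label_ttl - 1
        if ip_ttl == 0:
            return egress
    return dest


def traceroute(source, lsrs, dest, command, max_ttl=30):
    """Return the list of responders a trace from source would print."""
    forwarded, local = CONFIGS[command]
    is_local = source == lsrs[0]  # trace typed on the ingress LSR itself
    propagate = local if is_local else forwarded
    hops = []
    for ttl in range(1, max_ttl + 1):
        hops.append(probe(ttl, lsrs, dest, is_local, propagate))
        if hops[-1] == dest:
            break
    return hops


if __name__ == "__main__":
    lsrs = ["A", "B", "C"]
    for command in CONFIGS:
        for source in ("C1", "A"):
            print(f"{command:36} {source}: {traceroute(source, lsrs, 'C2', command)}")
```

Running it against each command shows what a customer (C1) and a provider engineer on router A would see, which is a quick way to confirm that a planned setting hides the core from the first without blinding the second.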
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Configuring Conditional Label Distribution 


This topic describes how to configure conditional label distribution. 


Conditional Label Distribution
Configuration


Router(config)#
mpls ldp advertise-labels [for prefix-access-list [to peer-access-list]]


* By default, labels for all destinations are announced to all LDP or
TDP neighbors.

* This command enables you to selectively advertise some labels
to some LDP or TDP neighbors.

* Conditional label advertisement works only over frame-mode
interfaces.

* Parameters:

— For prefix-access-list—The IP access list that selects the
destinations for which the labels will be generated

— To peer-access-list—The IP access list that selects the TDP
neighbors that will receive the labels


mpls ldp advertise-labels


To control the distribution of locally assigned (incoming) labels by means of LDP, use the
mpls ldp advertise-labels command in global configuration mode. This command is used to
control which labels are advertised to which LDP neighbors. To prevent the distribution of
locally assigned labels, use the no form of this command, as shown here:


* mpls ldp advertise-labels [for prefix-access-list [to peer-access-list]]


* no mpls ldp advertise-labels [for prefix-access-list [to peer-access-list]]


This table describes the parameters for the mpls ldp advertise-labels command.


mpls ldp advertise-labels Syntax Description


Parameter Description 


for prefix-access-list (Optional) Specifies which destinations should have their labels 
advertised. 


to peer-access-list (Optional) Specifies which LSR neighbors should receive label
advertisements. An LSR is identified by its router ID, which
consists of the first 4 bytes (B) of its 6-B LDP identifier.


Conditional Label Distribution Configuration:
Example


* The customer is already running IP infrastructure.


* MPLS is needed only to support MPLS VPN
services:


— Labels should be generated only for loopback
interfaces (BGP next hops) of all routers.


— All loopback interfaces are in one contiguous
address block (192.168.254.0/24).


Example: Conditional Label Distribution Configuration 


The example here describes where conditional label advertising can be used. The existing 
network still performs normal IP routing, but the MPLS label-switched path (LSP) tunnel 
between the loopback interfaces of the LSR routers is needed to enable MPLS Virtual Private 
Network (VPN) functionality. 


Using one contiguous block of IP addresses for loopbacks on provider edge (PE) routers can
simplify the configuration of conditional advertising.


Conditional Label Distribution
Configuration Steps


Step 1: Enable CEF and label switching.


ip cef
!
interface serial 0/0
mpls ip
!
interface serial 0/1
mpls ip
!
interface ethernet 1/0
mpls ip


In the first step, CEF switching and MPLS have to be enabled on all core interfaces. The MPLS
MTU size may be adjusted on the LAN interfaces.


Conditional Label Distribution
Configuration Steps (Cont.)


Step 2: Enable conditional label advertisement.


! Disable default advertisement mechanism


In the second step, disable label propagation and enable conditional label advertising. Within
the mpls ldp advertise-labels command, specify the neighbors to which the labels are to be
sent and the networks for which the labels are to be advertised.


Example: Enabling Conditional Label Advertisement 


In the figure, the labels for all networks permitted by access control list (ACL) 90 are sent to all
neighbors matched by ACL 91 (in this example, that would be all TDP or LDP neighbors).


Configuring Frame-Mode MPLS on Switched
WAN Media


This topic describes how to configure frame-mode MPLS on switched WAN media.


Configuring Frame-Mode MPLS on
Switched WAN Media


Why:


* Run MPLS over ATM networks that do not
support MPLS.


* This could be the potential first phase in ATM
network migration.


How:


* Configure MPLS over ATM point-to-point
subinterfaces on the routers.


When an underlying ATM infrastructure that does not support cell-mode MPLS is used, MPLS 
can still be used across point-to-point permanent virtual circuits (PVCs). The MPLS 
configuration is equal to that on any other Layer 2 media. 


This activity could be the first phase of an ATM network migration.


Configuring Frame-Mode MPLS on Switched WAN Media:
MPLS over ATM Forum PVCs


[Figure: TDP or LDP Session; ATM Switch; ATM Switch; Non-MPLS ATM Network]


Routers view the ATM PVC as a frame-mode MPLS interface.
TDP or LDP is run between the adjacent routers.
Many LSPs can be established over one ATM PVC.
The ATM network is not aware of MPLS between the routers.


If frame-mode MPLS on an ATM interface is enabled, TDP or LDP neighbor relationships are
established between the two PVC endpoint routers and not with the attached ATM switch.


Labeling of packets happens at the process level (in software), while segmentation and
reassembly happen on the interface (in hardware), regardless of the type of packet.


Switching is performed based on the virtual path identifier/virtual channel identifier (VPI/VCI)
value in the ATM header that is used for this particular PVC, and is not related to Layer 3 IP
information.


Configuring Frame-Mode MPLS on Switched WAN Media:
MPLS over ATM Forum PVCs (Cont.)


[Figure: TDP or LDP Session; ATM Switch; ATM Switch; ATM Forum PVC; Non-MPLS ATM Network]


interface atm 0/0.2 point-to-point
ip unnumbered loopback 0
pvc 1/33
mpls ip


* Create a point-to-point ATM subinterface.
* Configure ATM PVC on the subinterface.
* Start label switching and LDP or TDP on the interface.


Configuring frame-mode MPLS on an ATM interface involves using the same interface 
command (mpls ip). Because this implementation is frame-mode MPLS (versus cell-mode) 
over ATM, the interface is defined as a point-to-point subinterface. 


The ATM parameters are not related to MPLS, because the labeled traffic is using a standard
ATM Forum point-to-point PVC.


Configuring Frame-Mode MPLS on Switched WAN Media:
MPLS over Frame Relay Networks


[Figure: TDP or LDP Session; Frame Switch; Frame Switch; Frame Relay DLCI; Frame Relay Network]


interface serial 1/0.3 point-to-point
frame-relay interface-dlci 202
ip unnumbered loopback 0
mpls ip


* Create a point-to-point or multipoint Frame Relay subinterface.
* Configure Frame Relay DLCI on the subinterface.
* Start label switching and LDP or TDP on the interface.


Enabling MPLS on a Frame Relay PVC, also called a data-link connection identifier (DLCI), is
no different from doing so on any other point-to-point media.


Routers insert a label between the frame and the IP header. The TDP or LDP session is
established between the two IP endpoints connected through a Frame Relay network.


Summary


This topic summarizes the key points discussed in this lesson. 


Summary


Some of the MPLS configuration tasks are mandatory and some
are optional.


The command mpls ldp router-id interface [force] specifies a
preferred interface for determining the LDP router ID.


Use the mpls ip or tag-switching ip commands to enable MPLS
(interface level).


Label switching increases maximum MTU size on an interface.


TTL propagation must be disabled on ingress and egress
edge LSRs.


Conditional label advertisement works only on frame-mode
interfaces.


When frame-mode MPLS on an ATM interface is enabled, LDP
relationships are established between the PVC endpoints and
not with the attached ATM switch.


Lesson 3


Monitoring Frame-Mode MPLS
on Cisco IOS Platforms


Overview 


This lesson covers the procedures for monitoring MPLS on Cisco IOS platforms by listing the 
syntax and parameter descriptions; looking at interfaces, neighbor nodes, and LIB and label 
forwarding information base (LFIB) tables; and outlining the usage guidelines for the 
commands. The lesson also looks at common frame-mode MPLS symptoms and issues. 


It is very important to know what commands you can use to verify correct operation of MPLS 
in the network. The information here will help you when you encounter problems with frame- 
mode interfaces that have MPLS running in the network. 


Objectives 


Upon completing this lesson, you will be able to describe how to use monitoring commands in 
frame-mode MPLS on Cisco IOS platforms. This ability includes being able to meet these 
objectives: 


* Describe how to monitor MPLS
* Describe how to monitor LDP
* Describe how to monitor label switching
* Describe how to debug MPLS and LDP


Monitoring MPLS


This topic describes how to monitor MPLS. 


MPLS Monitoring Commands 


Router#
show mpls ldp parameters

* Displays LDP parameters on the local router.


Router#
show mpls interfaces

* Displays MPLS status on individual interfaces.


Router#
show mpls ldp discovery

* Displays all discovered LDP neighbors.


show mpls ldp parameters


To display available LDP parameters, use the following show mpls ldp parameters command
in privileged EXEC mode: show mpls ldp parameters.


show mpls interfaces


To display information about one or more interfaces that have the MPLS feature enabled, use
the following show mpls interfaces command in EXEC mode: show mpls interfaces
[interface] [detail].


This table describes the parameters for the show mpls interfaces command. 


show mpls interfaces Syntax Description 


Parameter Description 

interface (Optional) The interface about which to display MPLS 
information. 

detail (Optional) Displays information in long form. 




show mpls ldp discovery


To display the status of the LDP discovery process (Hello protocol), use the show mpls ldp
discovery command in privileged EXEC mode. This command displays all MPLS-enabled
interfaces and the neighbors that are present on the interfaces.


MPLS Monitoring Commands:
show mpls ldp parameters


Router#show mpls ldp parameters
Protocol version: 1
Downstream label pool: min label: 16; max label: 100000
[Configured: min label: 1000; max label:
Session hold time: 180 sec; keep alive interval:
sec
Discovery hello: holdtime: 15 sec;
Discovery targeted hello: holdtime:
5 sec
Downstream on Demand max hop count:
TDP for targeted sessions
LDP initial/maximum backoff: 15/120 sec
LDP loop detection: off


show mpls ldp parameters


To display available LDP parameters, use the following show mpls ldp parameters command
in privileged EXEC mode: show mpls ldp parameters.


Syntax Description 


This command has no arguments or keywords.


This table describes the significant fields in the display.


show mpls ldp parameters Field Description


Field Description


Protocol version Indicates the version of LDP running on the platform.


Downstream label pool Describes the range of labels available for the platform to assign
for label-switching purposes. The available labels range from the
smallest value (min label) to the largest label value (max label),
with a modest number of labels at the low end of the range
(reserved labels), reserved for diagnostic purposes.


Session hold time Indicates the time that an LDP session is to be maintained with
an LDP peer without receiving LDP traffic or an LDP keepalive
message from the peer.


Keepalive interval Indicates the interval of time between consecutive transmissions
of LDP keepalive messages to an LDP peer.


Discovery hello Indicates the amount of time to remember that a neighbor
platform wants an LDP session without receiving an LDP hello
message from the neighbor (hold time), and the time interval
between the transmissions of consecutive LDP hello messages to
neighbors (interval).


Discovery targeted hello Indicates the amount of time to remember that a neighbor
platform wants an LDP session when one of the following occurs:

* The neighbor platform is not directly connected to the router.

* The neighbor platform has not sent an LDP hello message.
This intervening interval is known as hold time.

Also indicates the time interval between the transmissions of
consecutive hello messages to a neighbor not directly connected
to the router.

LDP for targeted sessions Reports the parameters that have been set by the show mpls
atm-ldp bindings command.


LDP initial/maximum backoff Reports the parameters that have been set by the mpls ldp
backoff command.


MPLS Monitoring Commands:
show mpls interfaces


Router#show mpls interfaces [interface] [detail]
Interface Serial0/0:
IP labeling enabled (ldp)
LSP Tunnel labeling enabled
Tag Frame Relay Transport tagging not enabled
Tagging operational
Fast Switching Vectors:
IP to MPLS Fast Switching Vector
MPLS Turbo Vector
MTU = 1500
Interface Serial0/3:
IP labeling enabled (ldp)
LSP Tunnel labeling not enabled
Tag Frame Relay Transport tagging not enabled
Tagging operational
Fast Switching Vectors:
IP to MPLS Fast Feature Switching Vector
MPLS Feature Vector
MTU = 1500


The show mpls interfaces command will show only those interfaces on which MPLS has been 
configured. 


show mpls interfaces 


To display information about one or more or all interfaces that are configured for label 
switching, use the following show mpls interfaces command in privileged EXEC mode: show 
mpls interfaces [all]. 


show mpls interfaces Syntax Description 


Parameter Description 


interface (Optional) Defines the interface about which to display label- 
switching information. 


detail (Optional) Displays detailed label-switching information for the
specified interface.


This table describes the significant fields in the display.


show mpls interfaces Field Description


Field Description

Interface Interface name.

IP “Yes” if IP label switching (sometimes called hop-by-hop label
switching) has been enabled on this interface.

Tunnel “Yes” if LSP tunnel labeling has been enabled on this interface.

Tagging operational Operational state. “Yes” if labeled packets can be sent over this
interface. Labeled packets can be sent over an interface if an
MPLS protocol is configured on the interface and the required
Layer 2 negotiations have occurred.


MPLS Monitoring Commands:
show mpls ldp discovery


Router#show mpls ldp discovery
Local LDP Identifier:
192.168.3.102:0
Discovery Sources:
Interfaces:
Serial1/0.1(ldp): xmit/recv
LDP Id: 192.168.3.101:0
Serial1/0.2(ldp): xmit/recv
LDP Id: 192.168.3.100:0


show mpls ldp discovery


To display the status of the LDP discovery process, use the show mpls ldp discovery
command in privileged EXEC mode. This command generates a list of interfaces over which
the LDP discovery process is running. The following shows these commands:


* show mpls ldp discovery [vrf vpn-name]


* show mpls ldp discovery [all]


show mpls ldp discovery Syntax Description


Parameter Description


vrf vpn-name (Optional) Displays the neighbor discovery information for the
specified VPN routing or forwarding instance (vpn-name).


all (Optional) Displays LDP discovery information for all VPNs when
the all keyword is specified alone in this command, including
those in the default routing domain.


This table describes the significant fields in the display.


show mpls ldp discovery Field Description


Field Description


Local LDP Identifier The LDP identifier for the local router. An LDP identifier is a 6-B
construct displayed in the form “IP address:number.”

By convention, the first 4 bytes of the LDP identifier constitute the
router ID; integers, starting with 0, constitute the final 2 bytes of
the IP address:number construct.


Interfaces Lists the interfaces that are engaging in LDP discovery activity,
described here:

* The xmit field: Indicates that the interface is transmitting LDP
discovery hello packets.

* The recv field: Indicates that the interface is receiving LDP
discovery hello packets.

* The (ldp) or (tdp) field: Indicates the label distribution protocol
configured for the interface.

The LDP (or TDP) identifiers indicate LDP (or TDP) neighbors
discovered on the interface.


Targeted Hellos Lists the platforms to which targeted hello messages are being
sent, described here:

* The xmit, recv, and (ldp) or (tdp) fields are as described for the
Interfaces field.

* The active field indicates that this LSR has initiated targeted
hello messages.

* The passive field indicates that the neighbor LSR has initiated
targeted hello messages and that this LSR is configured to
respond to the targeted hello messages from the neighbor.


Monitoring LDP


This topic describes how to monitor LDP. 


LDP Monitoring Commands 


Router#
show mpls ldp neighbor

* Displays individual LDP neighbors.


Router#
show mpls ldp neighbor detail

* Displays more details about LDP neighbors.


Router#
show mpls ldp bindings

* Displays label information base (LIB).

* show mpls ldp bindings [network {mask | length} [longer-prefixes]]
[local-label label [-label]] [remote-label label [-label]] [neighbor
address] [local]


show mpls ldp neighbor


To display the status of LDP sessions, use the following show mpls ldp neighbor commands
in privileged EXEC mode:


* show mpls ldp neighbor [vrf vpn-name] [address] [interface] [detail]
* show mpls ldp neighbor [all]


show mpls ldp neighbor Syntax Description


Parameter Description

vrf vpn-name (Optional) Displays the LDP neighbors for the specified VPN
routing or forwarding instance (vpn-name).

address (Optional) Identifies the neighbor with this IP address.

interface (Optional) Defines the LDP neighbors accessible over this
interface.

detail (Optional) Displays information in long form.

all (Optional) Displays LDP neighbor information for all VPNs when the all
keyword is specified alone in this command, including those in
the default routing domain.


show mpls ldp bindings

To display the contents of the LIB, use the following show mpls ldp bindings command in
privileged EXEC mode: show mpls ldp bindings [network {mask | length} [longer-prefixes]]
[local-label label [-label]] [remote-label label [-label]] [neighbor address] [local].


show mpls ldp bindings Syntax Description


Parameter Description

vrf vpn-name (Optional) Displays the label bindings for the specified VPN routing or
forwarding instance (vpn-name).

network (Optional) Defines the destination network number.

mask (Optional) Specifies the network mask, written as A.B.C.D.

length (Optional) Specifies the mask length (1 to 32 characters).

longer-prefixes (Optional) Selects any prefix that matches mask with a length from 1
to 32 characters.

local-label label-label (Optional) Displays entries matching local label values. Use the label-
label argument to indicate the label range.

remote-label label-label (Optional) Displays entries matching the label values assigned by a
neighbor router. Use the label-label argument to indicate the label
range.

neighbor address (Optional) Displays the label bindings assigned by the selected
neighbor.

local (Optional) Displays the local label bindings.


LDP Monitoring Commands:
show mpls ldp neighbor detail


Router#show mpls ldp neighbor detail
Peer LDP Ident: 192.168.3.100:0; Local LDP Ident 192.168.3.102:0
TCP connection: 192.168.3.100.646 - 192.168.3.102.11000
State: Oper; Msgs sent/rcvd: 3117/3112; Downstream;
Last TIB rev sent 2
Up time: 2w4d; UID: 4; Peer Id 0;
LDP discovery sources:
Serial0/0; Src IP addr: 130.0.0.2
holdtime: 15000 ms, hello interval: 5000 ms
Addresses bound to peer LDP Ident:
192.168.3.10 192.168.3.14 192.168.3.100
Peer holdtime: 180000 ms; KA interval: 60000 ms;
state: estab


The status of the LDP (TDP) session is indicated by “State: Oper” (operational).


show mpls ldp neighbor


To display the status of LDP sessions, issue the following show mpls ldp neighbor commands
in privileged EXEC mode:


* show mpls ldp neighbor [vrf vpn-name] [address] [interface] [detail]


* show mpls ldp neighbor [all]


Usage Guidelines


The show mpls ldp neighbor command can provide information about all LDP neighbors, or
the information can be limited to the following:

* Neighbor with specific IP address


* LDP neighbors known to be accessible over a specific interface


This table describes the significant fields in the display.


show mpls ldp neighbor Field Description


Field Description

Peer LDP Ident Displays LDP identifier of the neighbor (peer) for this session.

Local LDP Ident Displays LDP identifier for the local LSR for this session.

TCP connection Displays TCP connection used to support the LDP session,
shown in the following format:
* peer IP address.peer port
* local IP address.local port

State Displays state of the LDP session. Generally, this is “Oper”
(operational), but “transient” is another possible state.

Msgs sent/rcvd Displays number of LDP messages sent to and received from the
session peer. The count includes the transmission and receipt of
periodic keepalive messages, which are required for maintenance
of the LDP session.

Downstream on demand Indicates that the downstream-on-demand method of label
distribution is being used for this LDP session. When the
downstream-on-demand method is used, an LSR advertises its
locally assigned (incoming) labels to its LDP peer only when the
peer requests them.

Downstream Indicates that the downstream method of label distribution is
being used for this LDP session. When the downstream method
is used, an LSR advertises all of its locally assigned (incoming)
labels to its LDP peer (subject to any configured access list
restrictions).

Up time Displays length of time that the LDP session has existed.

LDP discovery sources Displays source(s) of LDP discovery activity that led to the
establishment of this LDP session.

Addresses bound to peer LDP Ident Displays known interface addresses of the LDP session peer.
These are addresses that might appear as next-hop addresses in
the local routing table. They are used to maintain the LFIB.

Peer holdtime Displays the time that it takes to remove the relationship if no
keepalives are received within this period.

KA interval Displays the keepalive interval.

Peer state Shows the status of the neighbor relationship.


LDP Monitoring Commands:
show mpls ldp bindings


Router#show mpls ldp bindings
10.102.0.0/16, rev 29
  local binding: label: 26
  remote binding: lsr: 172.27.32.29:0, label:
10.211.0.7/32, rev 32
  local binding: label: 27
  remote binding: lsr: 172.27.32.29:0, label:
10.220.0.7/32, rev 33
  local binding: label: 28
  remote binding: lsr: 172.27.32.29:0, label:


show mpls ldp bindings


To display the contents of the LIB, use the following show mpls ldp bindings command in
privileged EXEC mode: show mpls ldp bindings [vrf vpn-name] [network {mask | length}
[longer-prefixes]] [local-label label [-label]] [remote-label label [-label]] [neighbor address]
[local].


show mpls ldp bindings Syntax Description


Parameter Description

vrf vpn-name (Optional) Displays the label bindings for the specified VPN
routing or forwarding instance (vpn-name).

network (Optional) Defines the destination network number.

mask (Optional) Specifies the network mask, written as A.B.C.D.

length (Optional) Specifies the mask length (1 to 32 characters).

longer-prefixes (Optional) Selects any prefix that matches mask with a length
from 1 to 32 characters.

local-label label-label (Optional) Displays entries matching local label values. Use the
label-label argument to indicate the label range.

remote-label label-label (Optional) Displays entries matching the label values assigned
by a neighbor router. Use the label-label argument to indicate the
label range.

neighbor address (Optional) Displays the label bindings assigned by the selected
neighbor.


local (Optional) Displays the local label bindings.


Usage Guidelines

The show mpls ldp bindings command displays label bindings learned by the LDP or TDP.


Examples

This sample output from the show mpls ldp bindings command displays the contents of the
entire LIB.

Router1#show mpls ldp bindings
10.92.0.0/16, rev 28
  local binding: label: imp-null
  remote binding: lsr: 172.27.32.29:0, label: imp-null
10.102.0.0/16, rev 29
  local binding: label: 26
  remote binding: lsr: 172.27.32.29:0, label: 26
10.105.0.0/16, rev 30
  local binding: label: imp-null
  remote binding: lsr: 172.27.32.29:0, label: imp-null
10.205.0.0/16, rev 31
  local binding: label: imp-null
  remote binding: lsr: 172.27.32.29:0, label: imp-null
10.211.0.7/32, rev 32
  local binding: label: 27
  remote binding: lsr: 172.27.32.29:0, label: 28
10.220.0.7/32, rev 33
  local binding: label: 28
  remote binding: lsr: 172.27.32.29:0, label: 29
99.101.0.0/16, rev 35
  local binding: label: imp-null
  remote binding: lsr: 172.27.32.29:0, label: imp-null
100.101.0.0/16, rev 36
  local binding: label: 29
  remote binding: lsr: 172.27.32.29:0, label: imp-null
171.69.204.0/24, rev 37
  local binding: label: imp-null
  remote binding: lsr: 172.27.32.29:0, label: imp-null
172.27.32.0/22, rev 38
  local binding: label: imp-null
  remote binding: lsr: 172.27.32.29:0, label: imp-null
210.10.0.0/16, rev 39
  local binding: label: imp-null
Monitoring Label Switching


This topic describes how to monitor label switching.


Monitoring Label Switching

Router#
show mpls forwarding-table
* Displays contents of LFIB.

Router#
show ip cef detail
* Displays label or labels attached to a packet during
  label imposition on edge LSR.


show mpls forwarding-table 


To display the contents of the MPLS LFIB, use the following show mpls forwarding-table
command in privileged EXEC mode: show mpls forwarding-table [{network {mask | length} |
labels label [-label] | interface interface | next-hop address | lsp-tunnel [tunnel-id]}] [detail].


show ip cef 


To display entries in the FIB that are unresolved or to display a summary of the FIB, use the
following form of the show ip cef command in privileged EXEC mode: show ip cef [unresolved |
summary].


To display specific entries in the FIB based on IP address information, use the following form
of the show ip cef command in privileged EXEC mode: show ip cef [network [mask [longer-prefix]]]
[detail].


To display specific entries in the FIB based on interface information, use the following form of
the show ip cef command in privileged EXEC mode: show ip cef [type number] [detail].
Monitoring Label Switching:
show mpls forwarding-table

Router# show mpls forwarding-table ?
  A.B.C.D     Destination prefix
  detail      Detailed information
  interface   Match outgoing interface
  labels      Match label values
  lsp-tunnel  LSP Tunnel id
  next-hop    Match next hop neighbor
  vrf         Show entries for a VPN Routing/Forwarding instance
  |           Output modifiers


show mpls forwarding-table Syntax Description

Parameter              Description
network                (Optional) Destination network number.
mask                   IP address of destination mask whose entry is to be shown.
length                 Number of bits in mask of destination.
labels label-label     (Optional) Shows only entries with specified local labels.
interface interface    (Optional) Shows only entries with specified outgoing interface.
next-hop address       (Optional) Shows only entries with specified neighbor as next
                       hop.
lsp-tunnel tunnel-id   (Optional) Shows only entries with specified LSP tunnel, or all
                       LSP tunnel entries.
detail                 (Optional) Displays information in long form (includes length of
                       encapsulation, length of MAC string, MTU, and all labels).
Examples: show mpls forwarding-table Command Output


This is a sample output from the show mpls forwarding-table command.


Router#show mpls forwarding-table
Local  Outgoing     Prefix             Bytes tag  Outgoing   Next Hop
tag    tag or VC    or Tunnel Id       switched   interface
26     Untagged     10.253.0.0/16      0          Et4/0/0    L723 21 23266
28     1/33         10.15.0.0/16       0          AT0/0.1    point2point
29     Pop tag      10.91.0.0/16       0          Hs5/0      point2point
       1/36         10.91.0.0/16       0          AT0/0.1    point2point
30     32           10.250.0.97/32     0          Et4/0/2    10.92.0.7
       32           10.250.0.97/32     0          Hs5/0      point2point
34     26           10.77.0.0/24       0          Et4/0/2    point2point
       26           10.77.0.0/24       (0)        Hs5/0      point2point
35     Untagged[T]  10.100.100.101/32  0          Tu1        point2point
36     Pop tag      168.1.0.0/16       0          Hs5/0      point2point
       1/37         168.1.0.0/16       0          AT0/0.1    point2point

[T] = Forwarding through a LSP tunnel.


Note 
Monitoring Label Switching:
show mpls forwarding-table detail

Router# show mpls forwarding-table detail
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop
tag    tag or VC   or Tunnel Id      switched   interface
70     Pop tag     192.168.3.3/32    0          Se0/0      point2point
        MAC/Encaps=4/4, MTU=1504, Tag Stack{}
        0F008847
        No output feature configured
    Per-packet load-sharing
71     Pop tag     192.168.3.4/32    0                     point2point
        MAC/Encaps=4/4, MTU=1504, Tag Stack{}
        0F008847
        No output feature configured
    Per-packet load-sharing


This table describes the significant fields in the display. 


show mpls forwarding-table Field Description

Field                 Description
Local tag             Displays label assigned by this router.
Outgoing tag or VC    Displays label assigned by next hop or VPI/VCI used to get to
                      next hop. Some of the entries that you can specify in this column
                      are as follows:
                      [T]: Forwarding is through an LSP tunnel.
                      untagged: There is no label for the destination from the next hop,
                      or label switching is not enabled on the outgoing interface.
                      Pop tag: The next hop advertised an implicit null label for the
                      destination, and this router popped the top label.
Prefix or Tunnel ID   Displays address or tunnel to which packets with this label are
                      going.
Bytes tag switched    Displays number of bytes switched with this incoming label.
Outgoing interface    Displays interface through which packets with this label are sent.
Next Hop              Displays IP address of neighbor that assigned the outgoing label.
MAC/Encaps            Displays length in bytes of Layer 2 header, and length in bytes of
                      packet encapsulation, including Layer 2 header and label header.
MTU                   Displays MTU of labeled packet.
Tag Stack             Displays all the outgoing labels. If the outgoing interface is
                      transmission convergence-ATM (TC-ATM), the virtual circuit
                      descriptor (VCD) is also shown.
00020900 00002000     Displays the actual encapsulation in hexadecimal form. There is a
                      space shown between Layer 2 and the label header.
Monitoring Label Switching:
show ip cef detail

Router# show ip cef 192.168.20.0 detail
192.168.20.0/24, version 23, cached adjacency to Serial1/0.2
0 packets, 0 bytes
  tag information set
    local tag: 33
    tag rewrite with Se1/0.2, point2point, tags imposed: {32}
  via 192.168.3.10, Serial1/0.2, 0 dependencies
    next hop 192.168.3.10, Serial1/0.2
    valid adjacency
    tag rewrite with Se1/0.2, point2point, tags imposed: {32}


show ip cef detail 
To display detailed FIB entry information for all FIB entries, use the following show ip cef 
detail command in privileged EXEC mode: show ip cef [type number] [detail]. 


show ip cef detail Syntax Description

Parameter        Description
unresolved       (Optional) Displays unresolved FIB entries.
summary          (Optional) Displays summary of the FIB.
network          (Optional) Displays the FIB entry for the specified destination
                 network.
mask             (Optional) Displays the FIB entry for the specified destination
                 network and mask.
longer-prefix    (Optional) Displays FIB entries for all more specific destinations.
detail           (Optional) Displays detailed FIB entry information.
type number      (Optional) Displays interface type and number for which to
                 display FIB entries.


Usage Guidelines 


The show ip cef command without any keywords or arguments shows a brief display of all FIB 
entries. 


The show ip cef detail command shows detailed FIB entry information for all FIB entries. 
Debugging MPLS and LDP


This topic describes how to debug MPLS and LDP.


Debugging MPLS and LDP

Router#
debug mpls ldp ...
* Debugs TDP adjacencies, session establishment,
  and label bindings exchange.

Router#
debug mpls lfib ...
* Debugs LFIB events: label creations, removals,
  rewrite, and so on.

Router#
debug mpls packets [ interface ]
* Debugs labeled packets switched by the router.


A large number of debug commands are associated with MPLS on Cisco IOS platforms. The
debug mpls ldp set of commands debugs various aspects of the LDP protocol, from label
distribution to exchange of the application-layer data between adjacent LDP-speaking routers.


The debug mpls lfib set of commands displays LFIB-related events (allocation of new labels,
removal of labels, and so on).


The debug mpls packets command displays all labeled packets switched by the router (through
the specified interface).


Use this command with care, because it generates output for every packet processed. 
Furthermore, enabling this command causes fast and distributed label switching to be disabled 
for the selected interfaces. To avoid adversely affecting other system activity, use this 
command only when traffic on the network is at a minimum. 
debug mpls packets


To display labeled packets switched by the host router, use the debug mpls packets command
in privileged EXEC mode. To disable debugging output, use the no form of this command. The
following illustrates these two commands:

* debug mpls packets [interface]
* no debug mpls packets [interface]


debug mpls packets Syntax Description 


Field Description 

Hs0/0 Displays the identifier for the interface on which the packet was 
received or transmitted. 

Recvd Displays packet received. 

Xmit Displays packet transmitted. 

CoS Displays class of service (CoS) field from the packet label 
header. 

TTL Displays TTL field from the packet label header. 

(no tag) Displays last label popped off the packet and transmitted 
unlabeled. 

Tag(s) Displays a list of labels on the packet, ordered from the top of the 
stack to the bottom. 
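
The CoS, TTL, and Tag(s) fields in this table are read from the 32-bit label stack entries that follow the Layer 2 header. The following Python sketch is an added example, not part of the course material: it decodes a label stack using the standard MPLS shim layout (RFC 3032: 20-bit label, 3-bit CoS, bottom-of-stack bit, 8-bit TTL). The sample bytes and all function names are constructed for illustration.

```python
import struct
from typing import List, NamedTuple

LABEL_ENTRY_LEN = 4  # every label stack entry is one 32-bit word


class LabelEntry(NamedTuple):
    label: int    # 20-bit label value
    cos: int      # 3-bit CoS (experimental) field
    bottom: bool  # bottom-of-stack bit, set on the last entry only
    ttl: int      # 8-bit TTL


def encode_entry(entry: LabelEntry) -> bytes:
    """Pack one entry into its 4-byte wire form."""
    if not (0 <= entry.label < 1 << 20 and 0 <= entry.cos < 8
            and 0 <= entry.ttl < 256):
        raise ValueError("field out of range: %r" % (entry,))
    word = ((entry.label << 12) | (entry.cos << 9)
            | (int(entry.bottom) << 8) | entry.ttl)
    return struct.pack("!I", word)


def decode_label_stack(data: bytes, max_depth: int = 8) -> List[LabelEntry]:
    """Decode entries from the start of data, top of stack first.

    Stops at the entry carrying the bottom-of-stack bit. A stack that is
    truncated or never terminates within max_depth entries is rejected
    instead of being read into the payload.
    """
    entries: List[LabelEntry] = []
    offset = 0
    while True:
        if len(entries) >= max_depth:
            raise ValueError("no bottom-of-stack bit in %d entries" % max_depth)
        if offset + LABEL_ENTRY_LEN > len(data):
            raise ValueError("truncated label stack at offset %d" % offset)
        (word,) = struct.unpack_from("!I", data, offset)
        entry = LabelEntry(
            label=word >> 12,
            cos=(word >> 9) & 0x7,
            bottom=bool((word >> 8) & 0x1),
            ttl=word & 0xFF,
        )
        entries.append(entry)
        offset += LABEL_ENTRY_LEN
        if entry.bottom:
            return entries


def summarize(stack: List[LabelEntry]) -> dict:
    """Collect the values the debug fields describe, plus the stack overhead."""
    top = stack[0]
    return {
        "tags": [e.label for e in stack],  # top of stack to bottom
        "cos": top.cos,
        "ttl": top.ttl,
        "overhead": LABEL_ENTRY_LEN * len(stack),  # bytes added to the packet
    }


# Constructed sample: labels 32 (top) and 26 (bottom), then the first two
# bytes of an IPv4 header.
SAMPLE_FRAME = bytes.fromhex("000200fe" "0001abfe" "4500")

if __name__ == "__main__":
    print(summarize(decode_label_stack(SAMPLE_FRAME)))
```

Each entry adds 4 bytes to the packet, which is why the label MTU has to allow for the deepest stack that can appear on a link.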
Summary


This topic summarizes the key points discussed in this lesson.


Summary

* The show mpls interfaces command will show only
  those interfaces that have had MPLS enabled.
* Use the show mpls ldp bindings command to display
  the LIB table.
* Use the show mpls forwarding-table command to
  display the LFIB table.
* Use the debug mpls packets command with care
  because it causes fast and distributed switching to
  be disabled.
Lesson 4


Troubleshooting Frame-Mode
MPLS on Cisco IOS Platforms


Overview


This lesson looks at some of the common issues that arise in MPLS networks. For each issue
discussed, there is a recommended troubleshooting procedure to resolve the issue.


It is very important to know which commands you can use to verify correct operation of
MPLS in the network. The information here will help you when you encounter problems with
frame-mode interfaces that have MPLS running in the network.


Objectives


Upon completing this lesson, you will be able to describe how to troubleshoot frame-mode
MPLS problems on Cisco IOS platforms. This ability includes being able to meet these
objectives:

* Identify the common issues that arise in MPLS networks
* Describe how to solve LDP session startup issues
* Describe how to solve label allocation issues that can arise in MPLS networks
* Describe how to solve label distribution issues that can arise in MPLS networks
* Describe how to solve packet labeling issues that can arise in MPLS networks
* Describe how to solve intermittent MPLS failures
* Describe how to solve packet propagation issues in MPLS networks
What Are Common Frame-Mode MPLS Issues?


This topic identifies some of the common frame-mode issues that arise in MPLS networks.


Symptoms of Common Frame-Mode MPLS
Issues

* The LDP session does not start.
* Labels are not allocated.
* Labels are not distributed.
* Packets are not labeled, although the labels have
  been distributed.
* MPLS intermittently breaks after an interface
  failure.
* Large packets are not propagated across the
  network.


The following describes the common issues that can be encountered while you are
troubleshooting a frame-mode MPLS network:

* The LDP session does not start.
* The LDP session starts, but the labels are not allocated or distributed.
* Labels are allocated and distributed, but the forwarded packets are not labeled.
* MPLS stops working intermittently after an interface failure, even on interfaces totally
  unrelated to the failed interface.
* Large IP packets are not propagated across the MPLS backbone, even though the packets
  were successfully propagated across the pure IP backbone.


This discussion will cover each of these issues and provide recommended steps for 
troubleshooting them. 
Solving LDP Session Startup Issues


This topic describes how to solve LDP session startup issues found in MPLS networks.


LDP Session Startup Issues

* Symptom
  - LDP neighbors are not discovered.
  - The show mpls ldp discovery command does
    not display expected LDP neighbors.
* Diagnosis
  - MPLS is not enabled on the adjacent router.
* Verification
  - Verify with the show mpls interface command on
    the adjacent router.


Diagnosis: If MPLS is enabled on an interface, but no neighbors are discovered, it is likely that 
MPLS is not enabled on the neighbor. 


The router is sending discovery messages, but the neighbor is not replying because it does not 
have LDP enabled. 


Solution: Enable MPLS on the neighboring router. 


Copyright © 2004, Cisco Systems, Inc. Frame-Mode and Cell-Mode MPLS Implementation on Cisco IOS Platforms 3-61 
The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., 
for the sole use by Cisco employees for personal study. The files or printed representations may not be 
used in commercial training, and may not be distributed for purposes other than individual self-study. 


LDP Session Startup Issues (Cont.)

* Symptom
  - LDP neighbors are not discovered.
* Diagnosis
  - There is a label distribution protocol mismatch:
    TDP on one end, LDP on the other end.
* Verification
  - Verify with the show mpls interface detail
    command on both routers.


Diagnosis: Another possibility is that the neighbor has a different label distribution protocol
enabled on the interface.

Solution: Use one of the following solutions:

* Change the label distribution protocol on this end.
* Change the label distribution protocol on the other end.
* Enable both label distribution protocols on this end.
* Enable both label distribution protocols on the other end.
LDP Session Startup Issues (Cont.)

* Symptom
  - LDP neighbors are not discovered.
* Diagnosis
  - Packet filter drops LDP neighbor discovery
    packets.
* Verification
  - Verify access list presence with the show ip
    interface command.
  - Verify access list contents with the show access-list
    command.


Diagnosis: MPLS configurations match on both ends, but the session still does not get
established. Check whether there are any input access lists that deny discovery messages.


Solution: Remove or change the access list to allow User Datagram Protocol (UDP) packets 
with source and destination port number 646 (711 for TDP). 


Make sure that the access list also allows TCP to and from port 646 (711 for TDP). 
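
One way to check an input access list against the ports named above, as an added example that is not part of the course material. It models only a subset of IOS extended ACL syntax (any, host, or address plus wildcard, with an optional eq port) and the implicit deny at the end of the list; the ACL text, addresses, and function names are constructed, and the 224.0.0.2 hello destination comes from the LDP specification rather than from this page.

```python
import ipaddress
from typing import List, NamedTuple, Optional, Tuple

AddrSpec = Tuple[int, int]  # (base address, wildcard mask) as integers
EPHEMERAL = 49152           # stand-in for the unprivileged end of the TCP session


class Rule(NamedTuple):
    action: str
    proto: str
    src: AddrSpec
    sport: Optional[int]
    dst: AddrSpec
    dport: Optional[int]


def _ip(text: str) -> int:
    return int(ipaddress.IPv4Address(text))


def _take_addr(tokens: List[str]) -> AddrSpec:
    tok = tokens.pop(0)
    if tok == "any":
        return (0, 0xFFFFFFFF)
    if tok == "host":
        return (_ip(tokens.pop(0)), 0)
    return (_ip(tok), _ip(tokens.pop(0)))


def _take_port(tokens: List[str]) -> Optional[int]:
    if len(tokens) >= 2 and tokens[0] == "eq":
        tokens.pop(0)
        return int(tokens.pop(0))
    return None


def parse_acl(text: str) -> List[Rule]:
    """Parse 'access-list N permit|deny proto src [eq p] dst [eq p]' lines."""
    rules = []
    for line in text.splitlines():
        tokens = line.split()
        if (len(tokens) < 6 or tokens[0] != "access-list"
                or tokens[2] not in ("permit", "deny")):
            continue
        action, proto, rest = tokens[2], tokens[3], tokens[4:]
        src = _take_addr(rest)
        sport = _take_port(rest)
        dst = _take_addr(rest)
        dport = _take_port(rest)
        rules.append(Rule(action, proto, src, sport, dst, dport))
    return rules


def _addr_match(spec: AddrSpec, addr: str) -> bool:
    base, wildcard = spec
    return ((_ip(addr) ^ base) & ~wildcard & 0xFFFFFFFF) == 0


def evaluate(rules, proto, src, sport, dst, dport) -> str:
    """First matching rule wins; no match means the implicit deny applies."""
    for r in rules:
        if r.proto not in ("ip", proto):
            continue
        if not (_addr_match(r.src, src) and _addr_match(r.dst, dst)):
            continue
        if r.proto != "ip":
            if r.sport is not None and r.sport != sport:
                continue
            if r.dport is not None and r.dport != dport:
                continue
        return r.action
    return "deny"


def ldp_blocked_flows(rules, nbr_if, nbr_lo, local_lo, port=646) -> List[str]:
    """Name the neighbor-to-us flows the ACL drops (port=711 checks TDP)."""
    flows = [
        ("UDP hello", "udp", nbr_if, port, "224.0.0.2", port),
        ("TCP to port", "tcp", nbr_lo, EPHEMERAL, local_lo, port),
        ("TCP from port", "tcp", nbr_lo, port, local_lo, EPHEMERAL),
    ]
    return [name for name, proto, s, sp, d, dp in flows
            if evaluate(rules, proto, s, sp, d, dp) != "permit"]


# Constructed ACLs: one that breaks LDP, one that forgets return traffic,
# and one that admits exactly the neighbor's discovery and session packets.
BROKEN_ACL = """\
access-list 101 permit icmp any any
access-list 101 deny ip any any
"""
PARTIAL_ACL = """\
access-list 101 permit udp any eq 646 any eq 646
access-list 101 permit tcp any any eq 646
access-list 101 permit icmp any any
"""
FIXED_ACL = """\
access-list 101 permit udp 192.168.3.0 0.0.0.255 eq 646 host 224.0.0.2 eq 646
access-list 101 permit tcp host 10.0.0.2 host 10.0.0.1 eq 646
access-list 101 permit tcp host 10.0.0.2 eq 646 host 10.0.0.1
access-list 101 permit icmp any any
"""

if __name__ == "__main__":
    for name, acl in (("broken", BROKEN_ACL), ("partial", PARTIAL_ACL),
                      ("fixed", FIXED_ACL)):
        print(name, ldp_blocked_flows(parse_acl(acl), "192.168.3.6",
                                      "10.0.0.2", "10.0.0.1"))
```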
LDP Session Startup Issues (Cont.)

* Symptom
  - LDP neighbors are discovered; the LDP session
    is not established.
  - The show mpls ldp neighbor command does not
    display a neighbor in operational state.
* Diagnosis
  - The connectivity between loopback interfaces is
    broken; the LDP session is usually established
    between loopback interfaces of adjacent LSRs.
* Verification
  - Verify connectivity with the extended ping
    command.


Diagnosis: LDP neighbors are exchanging hello packets, but the LDP session is never 
established. 


Solution: Check the reachability of the loopback interfaces, because they are typically used to 
establish the LDP session. Make sure that the loopback addresses are exchanged via the IGP 
used in the network. 
Solving Label Allocation Issues


This topic describes how to solve label allocation issues that could arise in MPLS networks.


Label Allocation Issues

* Symptom
  - Labels are not allocated for local routes.
  - The show mpls forwarding-table command does
    not display any labels.
* Diagnosis
  - CEF is not enabled.
* Verification
  - Verify with the show ip cef command.


Diagnosis: Labels are not allocated for any or some of the local routes. Use the show ip cef 
command to verify whether CEF switching is enabled on all MPLS-enabled interfaces. 


Solution: Enable CEF switching by using the ip cef command in global configuration mode or 
the ip route-cache cef command in interface mode. 
Solving Label Distribution Issues


This topic describes how to solve label distribution issues that can arise in MPLS networks.


Label Distribution Issues

* Symptom
  - Labels are allocated, but not distributed.
  - Using the show mpls ldp bindings command on the
    adjacent LSR does not display labels from this LSR.
* Diagnosis
  - There are problems with conditional label distribution.
* Verification
  - Debug label distribution with debug mpls ldp
    advertisements.
  - Examine the neighbor LDP router IP address with the show
    mpls ldp discovery command.
  - Verify that the neighbor LDP router IP address is matched
    by the access list specified in the mpls advertise command.


Symptom: Labels are generated for local routes but are not received on neighboring routers.


Solution: Check whether conditional label advertising is enabled and verify both access lists 
that are used with the command. 
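
The symptom above is checked by looking in the adjacent LSR's LIB for remote bindings from this LSR. The following Python sketch is an added example, not part of the course material: it parses show mpls ldp bindings text in the layout of the sample output earlier in this module and splits the prefixes into those that carry a binding from a given LSR and those that do not. The sample text is constructed (the second LSR identifier is invented), and the function names are hypothetical.

```python
import re
from typing import Dict, List, Tuple

PREFIX_RE = re.compile(r"^\s*(\d+\.\d+\.\d+\.\d+/\d+),\s+rev\s+(\d+)\s*$")
LOCAL_RE = re.compile(r"^\s*local binding:\s+label:\s+(\S+)\s*$")
REMOTE_RE = re.compile(
    r"^\s*remote binding:\s+lsr:\s+(\S+),\s+label:\s+(\S+)\s*$")


def parse_ldp_bindings(text: str) -> Dict[str, dict]:
    """Return {prefix: {"rev": int, "local": label, "remote": {lsr: label}}}."""
    lib: Dict[str, dict] = {}
    current = None
    for line in text.splitlines():
        m = PREFIX_RE.match(line)
        if m:
            current = {"rev": int(m.group(2)), "local": None, "remote": {}}
            lib[m.group(1)] = current
            continue
        if current is None:
            continue  # prompt line or other text before the first prefix
        m = LOCAL_RE.match(line)
        if m:
            current["local"] = m.group(1)
            continue
        m = REMOTE_RE.match(line)
        if m:
            current["remote"][m.group(1)] = m.group(2)
    return lib


def split_by_neighbor(lib: Dict[str, dict],
                      lsr_id: str) -> Tuple[List[str], List[str]]:
    """Prefixes with, and without, a remote binding from lsr_id."""
    advertised, missing = [], []
    for prefix, entry in lib.items():
        (advertised if lsr_id in entry["remote"] else missing).append(prefix)
    return advertised, missing


def distribution_state(lib: Dict[str, dict], lsr_id: str) -> str:
    """'all', 'partial' or 'none'.

    'partial' means some prefixes are advertised and others are not, which
    points at the prefix access list of conditional advertising; 'none'
    points at the neighbor not being matched at all, or at the session.
    """
    advertised, missing = split_by_neighbor(lib, lsr_id)
    if not missing:
        return "all"
    return "partial" if advertised else "none"


# Constructed sample, as it would look on the adjacent LSR.
SAMPLE_LIB = """\
Router#show mpls ldp bindings
  10.92.0.0/16, rev 28
        local binding:  label: imp-null
        remote binding: lsr: 172.27.32.29:0, label: imp-null
  10.102.0.0/16, rev 29
        local binding:  label: 26
        remote binding: lsr: 172.27.32.29:0, label: 26
        remote binding: lsr: 172.27.32.30:0, label: 31
  10.211.0.7/32, rev 32
        local binding:  label: 27
  10.220.0.7/32, rev 33
        local binding:  label: 28
        remote binding: lsr: 172.27.32.30:0, label: 40
"""

if __name__ == "__main__":
    lib = parse_ldp_bindings(SAMPLE_LIB)
    print(distribution_state(lib, "172.27.32.29:0"),
          split_by_neighbor(lib, "172.27.32.29:0"))
```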
Solving Packet Labeling Issues


This topic describes how to solve packet-labeling issues that can arise in MPLS networks.


Packet Labeling Issues

* Symptom
  - Labels are distributed, but packets are not
    labeled.
  - Using the show interface statistic command
    does not show labeled packets being sent.
* Diagnosis
  - CEF is not enabled on the input interface
    (potentially because of a conflicting feature
    being configured).
* Verification
  - Verify with the show cef interface command.


Symptom: Labels exist, but packets are not labeled. 


Solution: Enable CEF switching by using the ip route-cache cef interface command and make 
sure that there is no feature enabled on the interface that is not supported in combination with 
CEF switching. Verify whether CEF is enabled on an individual interface with the show cef 
interface command. 
Packet Labeling Issues: show cef interface

Router#show cef interface
Serial1/0.1 is up (if_number 15)
  Internet address is 192.168.3.5/30
  ICMP redirects are always sent
  Per packet loadbalancing is disabled
  IP unicast RPF check is disabled
  Inbound access list is not set
  Outbound access list is not set
  IP policy routing is disabled
  Interface is marked as point to point interface
  Hardware idb is Serial1/0
  Fast switching type 5, interface type 64
  IP CEF switching enabled
  IP CEF VPN Fast switching turbo vector
  Input fast flags 0x1000, Output fast flags 0x0
  ifindex 3 (3)
  Slot 1 Slot unit 0 VC -1
  Transmit limit accumulator 0x0 (0x0)
  IP MTU 1500
show cef interface


The show cef interface command is used to display CEF interface information. The following
command is executed in privileged EXEC mode: show cef interface type number [detail].


This table describes the parameters for the show cef interface command.


show cef interface Syntax Description

Parameter      Description
type number    Displays interface number and the number about which to display
               CEF-related information.
detail         (Optional) Displays detailed CEF information for the specified
               interface port number.


Usage Guidelines 


This command is available on routers that have route processor (RP) cards and line cards. 
The detail keyword displays more CEF information for the specified interface. 


You can use this command to show the CEF state on an individual interface. 
This table describes the significant fields in the display.


show cef interface Field Description

Field                                Description
interface type number is             Indicates status of the interface.
{up | down}
Internet address                     Displays Internet address of the interface.
ICMP redirects are                   Indicates how packet forwarding is configured.
{always sent | never sent}
Per-packet load balancing            Displays status of load balancing in use on the interface
                                     (enabled or disabled).
Inbound access list {# | Not set}    Displays number of access lists defined for the interface.
Outbound access list                 Displays number of access lists defined for the interface.
Hardware idb is type number          Displays interface type and number configured.
Fast switching type                  Indicates switching mode in use. Used for troubleshooting.
IP Distributed CEF switching         Indicates the switching path used.
{enabled | disabled}
Slot n Slot unit n                   Displays the slot number.
Transmit line accumulator            Indicates the maximum number of packets allowed in the
                                     transmit queue.
IP MTU                               Displays the value of the MTU size set on the interface.
Solving Intermittent MPLS Failures


This topic describes how to solve intermittent MPLS failures.


Intermittent MPLS Failures After Interface
Failure

* Symptom
  - The overall MPLS connectivity in a router
    intermittently breaks after an interface failure.
* Diagnosis
  - The IP address of a physical interface is used for
    the LDP (or TDP) identifier. Configure a loopback
    interface on the router.
* Verification
  - Verify the local LDP identifier with the show mpls
    ldp neighbors command.


Symptom: MPLS connectivity is established, labels are exchanged, and packets are labeled 
and forwarded. However, an interface failure can sporadically stop an MPLS operation on 
unrelated interfaces in the same router. 


Details: LDP sessions are established between IP addresses that correspond to the LDP LSR 
identifier. The LDP LSR identifier is assigned using the algorithm that is also used to assign an 
Open Shortest Path First (OSPF) or a BGP router identifier. 


This algorithm selects the highest IP address of an active interface if there are no loopback 
interfaces configured on the router. If that interface fails, the LDP LSR identifier is lost and the 
TCP session carrying the LDP data is torn down, resulting in loss of all neighbor-assigned label 
information. 


The symptom can be easily verified with the show mpls ldp neighbors command, which
displays the local and remote LSR identifiers. Verify that both of these IP addresses are
associated with a loopback interface.


Solution: Configure a loopback interface on the LSR. 


Note The LDP LSR identifier will change only after the router is reloaded. 
Solving Packet Propagation Issues


This topic describes how to solve packet propagation issues in an MPLS network.


Packet Propagation Issues

* Symptom
  - Large packets are not propagated across the network.
  - Use of the extended ping command with varying packet
    sizes fails for packet sizes close to 1500.
  - In some cases, MPLS might work, but MPLS VPN will fail.
* Diagnosis
  - There are label MTU issues or switches that do not support
    jumbo frames in the forwarding path.
* Verification
  - Issue the traceroute command through the forwarding path;
    identify all LAN segments in the path.
  - Verify the label MTU setting on routers attached to LAN
    segments.
  - Check for low-end switches in the transit path.


Symptom: Packets are labeled and sent, but they are not received on the neighboring router. A 
LAN switch between the adjacent MPLS-enabled routers may drop the packets if it does not 
support jumbo frames. 


Solution: Change the MPLS MTU size, taking into account the maximum number of labels 
that may appear in a packet. 
Summary


This topic summarizes the key points discussed in this lesson.


Summary

* Some common frame-mode issues are as follows: LDP session
  does not start, labels are not allocated or distributed, and MPLS
  intermittently breaks after an interface failure.
* One LDP session startup issue is when LDP neighbors are not
  discovered.
* A label allocation issue is one where the labels are not allocated
  for local routes.
* Labels may be allocated, but not distributed correctly.
* Ensure that there are no conflicts between CEF and any other
  configured features; otherwise, packets might not be labeled.
* Use loopback IP addresses, not a configured interface IP
  address, to keep MPLS connectivity from breaking down
  intermittently.
* Large packets are not propagated across the network.
Lesson 5


Configuring LC-ATM MPLS


Overview


This lesson explains how to configure MPLS on router LC-ATM interfaces and Cisco IOS
software-based ATM switches. The lesson presents configuration tasks, syntax definitions, and
configuration examples.


It is important to understand the differences between frame-based MPLS configuration and
cell-based MPLS configuration. This lesson will explain some issues regarding the two
technologies and, in particular, how they relate to cell-based MPLS.


Objectives


Upon completing this lesson, you will be able to describe how to configure LC-ATM MPLS
on Cisco IOS platforms. This ability includes being able to meet these objectives:

* List the configuration tasks for MPLS on LC-ATM interfaces
* Describe how to configure an LC-ATM interface on a router
* Describe how to configure an LC-ATM interface on a Catalyst ATM switch
* Describe the guidelines for configuring MPLS between a router and a switch
* Describe some additional LC-ATM parameters that can be configured
* Describe how to disable VC merge
What Are the Configuration Tasks for MPLS on
LC-ATM Interfaces?


This topic lists the configuration tasks for configuring MPLS on LC-ATM interfaces.


Configuration Tasks for MPLS on
LC-ATM Interfaces

* Configuration tasks on routers:
  - Create an LC-ATM subinterface.
  - Enable LDP on the subinterface.
* Configuration tasks on Catalyst 8510 and Catalyst
  8540 ATM switches:
  - Configure MPLS on the ATM interface.
* Configure additional LC-ATM parameters.


Configuration of cell-mode MPLS differs from configuration of frame-mode MPLS. An 
additional command specifies the type of subinterface that is to be used. 


Instead of enabling a point-to-point or multipoint connection, you set the interface to MPLS 
mode. (This approach enables cell-mode MPLS instead of the default frame-mode MPLS.) 


When the ATM subinterface type is specified, use the MPLS configuration commands to 
enable MPLS on the interface. MPLS type (cell-mode versus frame-mode) is determined from 
the type of subinterface. 


Note On ATM switches, there is no need for an additional command because these switches run 
only cell-mode MPLS. 
Configuring an LC-ATM Interface on a Router


This topic describes how to configure an LC-ATM interface on a router.


Configuring an LC-ATM Interface on a
Router

Router(config)#
interface atm number.sub-number mpls
* Creates an LC-ATM subinterface.
* By default, this subinterface uses VC 0/32 for label
  control protocols and VP=1 for label allocation.

Router(config-if)#
mpls ip
mpls label protocol [ldp | tdp | both]
* Enables MPLS on an LC-ATM subinterface.
* Starts LDP on an LC-ATM subinterface.


On Cisco IOS platform routers, subinterfaces are typically used. Use the mpls keyword to 
specify the type of subinterface when you are entering interface configuration mode. This 
command specifies that cell-mode MPLS should be used instead of frame-mode MPLS (which 
is the default). 


Use the mpls ip command in configuration mode to enable MPLS. 


After the mpls ip command is issued, the router creates the control virtual circuit with 
VPI/VCI=0/32 to establish an IP adjacency with the directly connected ATM switch. This 
virtual circuit is used for LDP and the routing protocol used in the network. 


Optionally, the label distribution protocol can be changed. By default, Cisco routers use TDP. 
There should be no need to enable both LDP and TDP, because there is only one device on the 
other side of the link. 


To enable MPLS forwarding of IPv4 packets along normally routed paths for a particular 
interface, use the mpls ip command in interface configuration mode. To disable this feature, 
use the no form of this command. The following illustrates these commands: 


* mpls ip
* no mpls ip


mpls label protocol [tdp | ldp | both]


To specify the label distribution protocol to be used on a given interface, use the mpls label
protocol command in interface configuration mode. To disable this feature, use the no form of
this command. The following illustrates these commands:

* mpls label protocol [ldp | tdp | both]
* no mpls label protocol [ldp | tdp | both]


This table describes the syntax for the mpls label protocol [tdp | ldp | both] command.


mpls label protocol [tdp | ldp | both] Syntax Description

Parameter    Description
ldp          Specifies use of LDP on the interface.
tdp          Specifies use of TDP on the interface.
both         Specifies use of both label distribution protocols on the interface.


Defaults

TDP is the default protocol.
Configuring an LC-ATM Interface on a Catalyst
ATM Switch


This topic explains how to configure an LC-ATM interface on an ATM switch.


Configuring an LC-ATM Interface on a
Catalyst ATM Switch

Router(config)#
interface atm number
mpls ip
mpls label protocol [ldp | tdp | both]
* Enables LC-ATM control on an ATM interface.
* Starts LDP on the interface.
* Default control VC=0/32, label allocation uses VPI=1.


Use these commands to enable MPLS on an interface of a Catalyst ATM switch. Cell-mode
MPLS is implied. Enabling both distribution protocols can be useful in a mixed environment
when the supported protocol for every device connected to the switch does not need to be
determined.


When the LDP or TDP adjacency is established (over virtual circuit 0/32), the devices start
negotiating label-switched controlled virtual circuits (LVCs). By default, all LVCs use a VPI
value of 1.


mpls ip 


To enable MPLS forwarding of IPv4 packets along normally routed paths for a particular 
interface, use the mpls ip command in interface configuration mode. To disable this feature, 
use the no form of this command. The following illustrates these commands: 


* mpls ip 
* no mpls ip 


mpls label protocol [tdp | ldp | both] 


To specify the label distribution protocol to be used on a given interface, use the mpls label 
protocol command in interface configuration mode. To disable this feature, use the no form of 
this command. The following illustrates these commands: 


* mpls label protocol [ldp | tdp | both] 
* no mpls label protocol [ldp | tdp | both] 


This table describes the syntax for the mpls label protocol [tdp | ldp | both] command. 


mpls label protocol [tdp | ldp | both] Syntax Description 


Parameter   Description 

ldp         Specifies use of LDP on the interface. 
tdp         Specifies use of TDP on the interface. 
both        Specifies use of both label distribution protocols on the interface. 
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Configuring MPLS Between a Router and a 
Switch 


This topic describes the guidelines for configuring MPLS between a router and a switch. 


Basic LC-ATM Configuration 


MPLS-Enabled ATM Network 


ATM switch: 

interface atm 0/1/3 
 mpls ip 
 ip unnumbered loopback 0 


Router: 

ip cef 
! 
interface atm 0/0.2 mpls 
 mpls ip 
 ip unnumbered loopback 0 


To enable cell-mode MPLS between a router and a switch, ensure that the router uses the 
MPLS type for the subinterface. 


For successful establishment of a label distribution session, both devices need to use the same 
protocol: LDP (or TDP). 


Both devices should use the same parameters for the control virtual circuit (VPI/VCI=0/32). 
There should be an intersection between the proposed ranges of VPI and VCI values. 


By default, all Cisco devices use a VPI value of 1 for dynamically established LVCs. 


Additionally, Cisco routers require CEF switching to enable MPLS. 
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Configuring Additional LC-ATM Parameters 


This topic describes some additional LC-ATM parameters that can be configured. 


Configuring Additional LC-ATM Parameters 


Router(config-if)# 

mpls atm control-vc vpi vci 

* Configures control virtual circuit between LC-ATM peers. 
* The default value is 0/32. 
* The setting has to match between LC-ATM peers. 


Router(config-if)# 

mpls atm vpi start-vpi [- end-vpi] 

* Configures the virtual path values that can be used for label allocation. 
* The default value is 1-1 (only virtual path value 1 is used). 
* LC-ATM peers need at least some overlapping virtual path values to start a TDP or LDP 
  session. 


Use the mpls atm control-vc command to change the default VPI and VCI numbers used for 
the control virtual circuit. Use the mpls atm vpi command to change the default VPI values for 
the LVCs. 


mpls atm control-vc 


To configure VPI and VCI to be used for the initial link to the label-switching peer device, use 
the mpls atm control-vc command in interface configuration mode. The initial link is used to 
establish the LDP session and to carry non-IP traffic. To clear the interface configuration, use 
the no form of this command. The following illustrates these commands: 


* mpls atm control-vc vpi vci 
* no mpls atm control-vc vpi vci 


This table describes the syntax for the mpls atm control-vc command. 


mpls atm control-vc Syntax Description 


Parameter   Description 

vpi         Displays VPI. 
vci         Displays VCI. 


Defaults 


If the subinterface has not changed to a virtual path tunnel, the default is 0/32. If the 
subinterface corresponds to the virtual path tunnel VPI x, the default is x/32. 


mpls atm vpi 


To configure the range of values to be used in the VPI field for LVCs, use the mpls atm vpi 
command in interface configuration mode. To clear the interface configuration, use the no form 
of this command. The following illustrates these commands: 


* mpls atm vpi vpi [- vpi] 
* no mpls atm vpi vpi [- vpi] 


This table describes the syntax for the mpls atm vpi command. 


mpls atm vpi Syntax Description 


Parameter   Description 

vpi         Displays VPI (low end of range). 
- vpi       (Optional) Displays VPI (high end of range). 


Defaults 


The default is 1-1. 


Copyright © 2004, Cisco Systems, Inc. Frame-Mode and Cell-Mode MPLS Implementation on Cisco IOS Platforms 


Example: Configuring Additional LC-ATM Parameters 


The example shows how to change the default VPI range from 1-1 to 5-6. The control virtual 
circuit can also use the VPI value used for LVCs. 


Configuring Additional LC-ATM Parameters (Cont.) 


MPLS-Enabled ATM Network 


Router: 

ip cef 
! 
interface atm 0/0.2 mpls 
 mpls ip 
 mpls atm vpi 5-6 
 mpls atm control-vc 5 32 
 ip unnumbered loopback 0 
! 
interface loopback 0 
 ip address 1.0.0.1 255.255.255.255 
! 
router ospf 1 
 network 1.0.0.1 0.0.0.0 area 0 


ATM switch: 

interface atm 0/1/3 
 mpls ip 
 mpls atm vpi 5-6 
 mpls atm control-vc 5 32 
 ip unnumbered loopback 0 
! 
interface loopback 0 
 ip address 1.0.0.2 255.255.255.255 
! 
router ospf 1 
 network 1.0.0.2 0.0.0.0 area 0 


In this example, the control virtual circuit is using VPI=5 and VCI=32. Note that the values 
must match on each neighbor. 
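
One way to check the matching rules above before a change is deployed, as an added example in Python that is not part of the course material: it parses the router and switch configurations from this example and reports a control VC mismatch, non-overlapping label VPI ranges, or a missing prerequisite. The function names and the drifted switch configuration are constructed for illustration, and the parser assumes subcommands are indented under their interface line.

```python
import re

# Defaults stated on this page: control VC 0/32, label VPI range 1-1, TDP.
DEFAULTS = {"control_vc": (0, 32), "vpi": (1, 1), "protocol": "tdp"}


def parse_lc_atm(config, interface, role):
    """Extract the LC-ATM settings of one interface from IOS-style config text."""
    s = dict(DEFAULTS, role=role, mpls_ip=False, cef=False)
    in_target = False
    for raw in config.splitlines():
        line = raw.strip()
        if not line:
            continue
        if not raw[0].isspace():  # a top-level command ends the previous stanza
            words = line.split()
            in_target = words[0] == "interface" and " ".join(words[1:3]) == interface
            s["cef"] = s["cef"] or line == "ip cef"
            continue
        if not in_target:
            continue
        if line == "mpls ip":
            s["mpls_ip"] = True
        elif m := re.fullmatch(r"mpls atm control-vc (\d+) (\d+)", line):
            s["control_vc"] = (int(m[1]), int(m[2]))
        elif m := re.fullmatch(r"mpls atm vpi (\d+)(?:\s*-\s*(\d+))?", line):
            s["vpi"] = (int(m[1]), int(m[2] or m[1]))  # single value means n-n
        elif m := re.fullmatch(r"mpls label protocol (ldp|tdp|both)", line):
            s["protocol"] = m[1]
    return s


def protocols(setting):
    """Expand the 'both' keyword into the two protocols it enables."""
    return {"ldp", "tdp"} if setting == "both" else {setting}


def audit_link(a, b):
    """Return the findings that would stop the session or LVC setup on this link."""
    findings = []
    for s in (a, b):
        if not s["mpls_ip"]:
            findings.append(f"{s['role']}: mpls ip not enabled on the interface")
        if s["role"] == "router" and not s["cef"]:
            findings.append("router: ip cef missing (required for MPLS)")
    if a["control_vc"] != b["control_vc"]:
        findings.append("control VC mismatch: %d/%d vs %d/%d"
                        % (a["control_vc"] + b["control_vc"]))
    low = max(a["vpi"][0], b["vpi"][0])
    high = min(a["vpi"][1], b["vpi"][1])
    if low > high:
        findings.append("label VPI ranges %d-%d and %d-%d do not overlap"
                        % (a["vpi"] + b["vpi"]))
    if not protocols(a["protocol"]) & protocols(b["protocol"]):
        findings.append("no common label distribution protocol")
    return findings


# Router and switch stanzas from the example on this page.
ROUTER = """\
ip cef
!
interface atm 0/0.2 mpls
 mpls ip
 mpls atm vpi 5-6
 mpls atm control-vc 5 32
 ip unnumbered loopback 0
"""
SWITCH = """\
interface atm 0/1/3
 mpls ip
 mpls atm vpi 5-6
 mpls atm control-vc 5 32
 ip unnumbered loopback 0
"""
# Constructed drift: the switch side was left on the defaults (0/32, VPI 1-1).
SWITCH_DRIFTED = """\
interface atm 0/1/3
 mpls ip
 ip unnumbered loopback 0
"""

if __name__ == "__main__":
    router = parse_lc_atm(ROUTER, "atm 0/0.2", "router")
    for name, text in (("page example", SWITCH), ("drifted", SWITCH_DRIFTED)):
        result = audit_link(router, parse_lc_atm(text, "atm 0/1/3", "switch"))
        print(name, "->", result or "consistent")
```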
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Configuring Additional LC-ATM 
Parameters (Cont.) 


Router(config)# 

no mpls ldp atm vc-merge 

* VC merge is enabled by default on all ATM switches that support the VC merge functionality. 
* This command disables VC merge. 


Router(config)# 

mpls ldp maxhops max-hops 

* This command configures the maximum-hops value for downstream-on-demand LDP loop 
  detection. 


mpls ldp atm vc-merge 


To control whether the VC merge (multipoint-to-point) capability is supported for unicast 
LVCs, use the mpls ldp atm vc-merge command in global configuration mode. To disable this 
feature, use the no form of this command. The following illustrates these commands: 


* mpls ldp atm vc-merge 
* no mpls ldp atm vc-merge 


Usage Guidelines 


A large ATM network using cell-mode MPLS may experience the problem of having too many 
LVCs. MPLS itself is very similar to ATM, but it normally merges multiple sources into one 
destination (label). This is an unusual situation for ATM and can cause mixing of cells 
belonging to different packets. The end device that needs to reassemble the cells into a packet is 
not able to differentiate between cells, because the cells use the same VPI/VCI value pair. The 
following describes the two solutions: 


* Create a distinct label for every source-destination pair (may require a large number of 
  LVCs). 

* Merge multiple sources to use the same destination label, by buffering the incoming cells in 
  the ATM switch and forwarding them when the complete frame has been assembled. This 
  option is called VC merge. 


VC merge is enabled by default on all devices that support it, and must be explicitly disabled if 
it is not desired. 


Note   The ATM switch that does the VC merge function buffers the entire ATM adaptation layer 5 
       (AAL5) frame as the individual cells are received and then forwards them contiguously, 
       without mixing cells. The end device, therefore, has no problem reassembling each 
       individual frame correctly. The drawback of using VC merge is the increased store-and- 
       forward delay incurred by the ATM switch. 
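
The cell-mixing problem and the VC merge fix described above, as an added Python simulation that is not part of the course material: two sources share one outgoing label, and the receiver can rebuild the frames only when the switch buffers each frame up to its end-of-frame cell. The frames, VC numbers and function names are constructed; the model keeps only the VPI/VCI, the payload and the AAL5 end-of-frame mark of each cell.

```python
from collections import defaultdict

CELL_PAYLOAD = 48  # payload bytes carried by one ATM cell


def segment(frame, in_vc):
    """Split a frame into cells; only the last cell carries the end-of-frame mark."""
    chunks = [frame[i:i + CELL_PAYLOAD] for i in range(0, len(frame), CELL_PAYLOAD)]
    return [(in_vc, chunk, i == len(chunks) - 1) for i, chunk in enumerate(chunks)]


def arrival_order(*streams):
    """Round-robin the cell streams to model cells arriving interleaved."""
    streams = [list(s) for s in streams]
    order = []
    while any(streams):
        for s in streams:
            if s:
                order.append(s.pop(0))
    return order


def switch_forward(arrivals, out_vc, vc_merge):
    """Map every incoming VC onto one outgoing label (VPI/VCI).

    Without VC merge, cells leave in arrival order. With VC merge, the switch
    buffers each incoming VC until its end-of-frame cell and then sends the
    whole frame contiguously.
    """
    out, buffers = [], defaultdict(list)
    for in_vc, chunk, eof in arrivals:
        if not vc_merge:
            out.append((out_vc, chunk, eof))
            continue
        buffers[in_vc].append((out_vc, chunk, eof))
        if eof:
            out.extend(buffers.pop(in_vc))
    return out


def reassemble(cells):
    """Receiver: it sees only the VPI/VCI, so it joins cells until end of frame."""
    frames, partial = [], defaultdict(bytes)
    for vc, chunk, eof in cells:
        partial[vc] += chunk
        if eof:
            frames.append(partial.pop(vc))
    return frames


def deliver(vc_merge):
    """Send two constructed frames from different sources to one destination label."""
    frame_a = b"A" * 100  # 3 cells, arrives on incoming VC 1/40
    frame_b = b"B" * 60   # 2 cells, arrives on incoming VC 1/41
    arrivals = arrival_order(segment(frame_a, (1, 40)), segment(frame_b, (1, 41)))
    return reassemble(switch_forward(arrivals, (1, 33), vc_merge))


if __name__ == "__main__":
    for merge in (False, True):
        print("vc_merge =", merge, [f[:4] + b"..." + f[-4:] for f in deliver(merge)])
```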


mpls ldp maxhops 


To limit the number of hops permitted in an LSP established by the downstream-on-demand 
method of label distribution, use the mpls ldp maxhops command in global configuration 
mode. To disable this feature, use the no form of this command. The following illustrates these 
commands: 


* mpls ldp maxhops number 
* no mpls ldp maxhops 


This table describes the syntax for the mpls ldp maxhops command. 


mpls ldp maxhops Syntax Description 


Parameter   Description 

number      Displays number from 1 to 255, inclusive, that defines the 
            maximum hop count. The default is 254. 


Usage Guidelines 




When an ATM LSR initiates a request for a label binding, it sets the hop-count value in the 
label request message to 1. Subsequent ATM LSRs along the path to the edge of the ATM 
label-switching region increment the hop count before forwarding the label request message to 
the next hop. 


When an ATM LSR receives a label request message, it does not send a label-mapping 
message in response, and it does not propagate the request to the destination next hop if the hop 
count in the request equals or exceeds the maximum-hops value. Instead, the ATM LSR returns an 
error message that specifies that the maximum allowable hop count has been reached. This 
threshold is used to prevent forwarding loops in the setting up of LSPs across an ATM region. 
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Disabling VC Merge 


This topic describes how to disable VC merge. 


Disabling VC Merge 


no mpls ldp atm vc-merge 


* VC merge is enabled by default on switches supporting it. 
* VC merge prevents the interleaving of cells toward a common destination when they traverse 
  the ATM network. 
* VC merge has to be disabled to allow cell interleaving. 


The VC merge feature is enabled by default on all switches that support it. If the feature is not 
required (that is, because of a small network, different line speeds, or buffering not desired), it 
can be disabled. 


Disabling VC merge results in the ability to interleave cells, but an LVC must be created for 
every source-destination pair. 
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Summary 


This topic summarizes the key points discussed in this lesson. 


Summary 

* MPLS on an LC-ATM router needs to have a subinterface defined with MPLS enabled. 
* On LC-ATM routers, use the mpls keyword to specify the type of subinterface when you are 
  entering interface configuration mode. This command specifies that cell-mode MPLS should 
  be used. 
* Use the command interface atm number on a Cisco Catalyst switch. 
* The default VPI/VCI value is 0/32. 
* Disabling VC merge (which is enabled by default) allows cells to be interleaved. 
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Lesson 6 | 


Configuring LC-ATM MPLS 
over ATM Virtual Path 


Overview 


This lesson explains what ATM Virtual Path (ATM VP) is and why it might be used. Also, the 
configuration of ATM VP for both routers and switches is covered in this lesson. 


This lesson explains what to do when an MPLS network must travel across an ATM network 
that does not support MPLS. This situation is somewhat typical when you are migrating from a 
standard ATM network to an IP+ATM network, or when the need arises to connect sites across 
a public ATM network. 


Objectives 


Upon completing this lesson, you will be able to describe how to configure LC-ATM MPLS 
over ATM VP. This ability includes being able to meet these objectives: 


* Describe the function of ATM VP 
* Describe how ATM VP can be used 
* Describe how to configure MPLS over ATM VP for switches 
* Describe how to configure MPLS over ATM VP for routers 
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What Is ATM Virtual Path? 


This topic describes the function of ATM VP. 


Introduction to ATM Virtual Path 


* ATM VP was designed to establish switch-to-switch connectivity between parts of a 
  private ATM network over a public ATM network. 
* The same concept can be used to link two LC-ATM domains across a public network. 
* The public network switches all cells belonging to a path, and the ATM LSRs at each end of 
  the path establish individual virtual circuits inside the path using LC-ATM procedures. 


A virtual path is a collection of virtual circuits with a common Virtual Path Identifier (VPI). 


ATM switches forward cells based on the VPI only (the VCI is ignored). This approach is 
useful if one or more switches in the network do not support MPLS. 


A static virtual path can be established between switches that support MPLS. Switches can 
establish a control virtual circuit across the virtual path and negotiate LVCs with the virtual 
path VPI used to set the label range. 


This solution is typically used when a public ATM network interconnects remote sites that use 
ATM switches. 
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ATM Virtual Path Usages 


This topic describes how ATM VP can be used. 


ATM Virtual Path Usages 


* Connecting two LC-ATM domains across a public network: 
  - ATM PVC can be used to link two routers. 
  - ATM VP has to be used to link an ATM switch to another ATM switch or a router. 
* Network migration toward IP+ATM: 
  - Parts of the network already migrated can be linked with virtual paths during the 
    transition period. 


The following two options are available to enable two MPLS domains across a public ATM 
network: 


* Virtual circuit: Frame-mode MPLS has to be used because ATM switches in the path do 
  not support MPLS. Only routers support frame-mode MPLS. Switches cannot use frame- 
  mode MPLS and, therefore, cannot use virtual circuits. 

* Virtual path: Cell-mode MPLS can be used between routers or switches on both ends of 
  the virtual path. 


Virtual paths can also be used in the migration when sites are being reconnected to MPLS- 
enabled switches. 


Virtual paths can be established from an MPLS-enabled switch to all devices connected to 
ATM switches that do not support MPLS. The network can then slowly be migrated toward 
IP+ATM without the need for an “overnight” full migration. 
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ATM Virtual Path Usages: 
Example 


Figure callouts (LDP session between two devices across a public ATM network): 

* MPLS data is sent in cells with the VPI value of the virtual path. 
* ATM VP is created across the public ATM network. 
* Public ATM switches switch on VPI value only. 
* The LDP session runs directly between endpoints of the virtual path. 


To enable cell-mode MPLS across a virtual path, the control virtual circuit should use the VPI 
of the virtual path. 


A router or a switch will then establish an adjacency with a router or a switch on the other end 
of the virtual path. 


It is mandatory that the same VPI be used on both ends of the path, because the VPI is part of 
the LDP virtual path range negotiation. 
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ATM Virtual Path Usages: 


Scenarios 


These combinations are supported: 

* ATM switch to ATM switch 
* ATM switch to a router 
* Router to router (not advisable; use frame-mode MPLS over ATM PVC instead) 


The following describes how a virtual path can be used to connect any pair of devices across a 
public ATM network: 


* Switch to switch 
* Switch to router 
* Router to router (PVCs with frame-mode MPLS are usually used in this case.) 


The first two options allow MPLS to run across a public ATM network. 


The third option can also be used, but it has no advantage over using frame-mode MPLS across 
PVCs. However, the router-to-router solution requires a reservation of a large number of virtual 
circuits. (A virtual path carries 65,536 virtual circuits.) 
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Configuring MPLS over ATM Virtual Path— 
Switches 


This topic describes how to configure MPLS over ATM VP for switches. 


Configuring MPLS over ATM Virtual Path—Switches 


* ATM VP is configured on an ATM interface. 
* An MPLS-enabled subinterface is created. The VPI equals the subinterface number. 
* The VPI has to match between peers. 


! Configure LC-ATM MPLS over VP 17 
! 
interface atm 0/1/3 
 atm pvp 17 
! 
interface atm 0/1/3.17 point-to-point 
 ip unnumbered loopback 0 
 mpls ip 

A subinterface is configured with the VPI, which equals the subinterface number and has cell- 
mode MPLS functionality. 


Example: Configuring MPLS over ATM Virtual Path—Switches 


In the figure, a virtual path with a VPI of 17 is created. 


Note The VPI has to match between peers. 
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Example: Configuration of Both MPLS-Enabled ATM Switches 


This figure shows the configuration of both MPLS-enabled ATM switches connected by a 
virtual path across a public ATM network. 


Configuring MPLS over ATM Virtual Path—Switches (Cont.) 


MPLS-Enabled Network | Public ATM Network | MPLS-Enabled Network 


ATM switch at one end of the virtual path: 

interface atm 0/1/3 
 description MPLS router 
 mpls ip 
 ip unnumbered loopback 0 
! 
interface atm 1/0/1 
 description Public ATM network 
 atm pvp 35 
! 
interface atm 1/0/1.35 point-to-point 
 mpls ip 
 ip unnumbered loopback 0 


ATM switch at the other end of the virtual path: 

interface atm 0/1/1 
 description MPLS router 
 mpls ip 
 ip unnumbered loopback 0 
! 
interface atm 2/0/1 
 description Public ATM network 
 atm pvp 35 
! 
interface atm 2/0/1.35 point-to-point 
 mpls ip 
 ip unnumbered loopback 0 


The VPI has to be the same on the first and last hop in the path. The ATM provider can use any 
VPI on any other link. 


The example shows that the subinterface that is created, on both switches, has a subinterface 
number equal to the VPI. 


Note The example does not change the parameters of the control virtual circuit. PVCs will need to 
be established for the control virtual circuit (0/32). 
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Configuring MPLS over ATM Virtual Path— 
Routers 


This topic describes how to configure MPLS over ATM VP for routers. 


Configuring MPLS over ATM Virtual Path—Routers 


MPLS-Enabled Network | Public ATM Network | MPLS-Enabled Network 


! Configure LC-ATM tag switching over VP 17 
! 
interface atm 0/0.2 tag-switching 
 ip unnumbered loopback 0 
 mpls atm control-vc 17 32 
 mpls atm vpi 17-17 
 mpls ip 


* An LC-ATM interface is created. 
* The ATM VPI is set to the virtual path number. 
* The control virtual circuit needs to be established within the virtual path. 
* The VPI has to match between peers. 


To simplify the provisioning of the connection across a public ATM network, you can also put 
the control virtual circuit into the virtual path. 


Example: Configuring MPLS Over ATM Virtual Path—Routers 


The figure shows how to change the control virtual circuit to use the same VPI used to establish 
the virtual path. 


If the public network is forwarding cells for VPI=17, the control virtual circuit should be put 
into this virtual path (17/32) and the label range has to be set to use the same VPI (17-17). 


Note The VPI has to match between peers. 
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Configuring MPLS over ATM Virtual Path— 
Routers (Cont.) 


ATM switch: 

interface atm 0/1/3 
 description MPLS router 
 mpls ip 
 ip unnumbered loopback 0 
! 
interface atm 1/0/1 
 description Public ATM network 
 atm pvp 35 
! 
interface atm 1/0/1.35 point-to-point 
 mpls ip 
 ip unnumbered loopback 0 


Router: 

ip cef 
! 
interface atm 5/0/0 
 description Public ATM network 
! 
interface atm 5/0/0.1 tag-switching 
 mpls ip 
 ip unnumbered loopback 0 
 mpls atm vpi 35 
 mpls atm control-vc 35 32 


When you connect a router and a switch through a virtual path, you need to set only the 
parameters for the control virtual circuit and the label range on the router. 


The router is unaware that the control virtual circuit is not terminated on the directly connected 
switch. The public ATM network simply forwards all cells based on the VPI to the other 
endpoint, where an MPLS-enabled switch continues forwarding based on VPI and VCI values. 
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Summary 


This topic summarizes the key points discussed in this lesson. 


Summary 

* A virtual path is a collection of virtual circuits with a common VPI. 
* Two main usages for ATM Virtual Path: 
  - Connecting two LC-ATM domains across a public network 
  - Network migration toward IP+ATM 
* When you are configuring ATM Virtual Path on switches, the virtual path number equals the 
  subinterface number that is created. 
* When you are configuring ATM Virtual Path on routers, the control virtual circuit needs to be 
  established within the virtual path. 
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Lesson 7| 


Monitoring LC-ATM MPLS on 
Cisco IOS Platforms 


Overview 


This lesson describes the commands that are used to monitor LC-ATM functions, including 
command syntax, definitions, and examples. 


It is important to understand the network that you have just configured. This lesson will help 
when you are looking at LC-ATM connections in your network and verifying that the network 
is running smoothly. The lesson will also help you to identify and isolate problems with the 
network. 


Objectives 


Upon completing this lesson, you will be able to describe how to monitor LC-ATM MPLS on 
Cisco IOS platforms. This ability includes being able to meet these objectives: 


* Describe how to monitor specific LC-ATM label-switching functions 
* Describe how to display summary information about all the entries in the ATM label- 
  binding database 
* Describe how to display current label bindings 
* Describe how to display MPLS ATM capabilities negotiated by LDP 
* Describe how to debug ATM LDP functions 
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How to Monitor Specific LC-ATM Label-Switching 
Functions 


This topic describes how to monitor specific LC-ATM switching functions. 


Monitoring Specific LC-ATM 
Label-Switching Functions 


Router# 

show mpls atm-ldp summary 

* Displays the summary of ATM LDP. 


Router# 

show mpls atm-ldp bindings 

* Displays ATM LDP label information base (LIB). 


Router# 

show mpls atm-ldp capability 

* Displays the LC-ATM capabilities of this label switch router (LSR) and peering LC-ATM 
  LSRs. 


Several other commands display labels in ATM format. 


The commands are similar to show mpls ldp commands, except the show mpls atm-ldp 
commands display ATM specific parameters. Use a question mark to see all of the 
subcommands or use the show mpls atm ldp command. 


show mpls atm-ldp summary 


To display summary information about all of the entries in the ATM label-binding database, 
use the following command in privileged EXEC mode: show mpls atm-ldp summary. 


show mpls atm-ldp bindings 


To display specified entries from the ATM label-binding database, use the show mpls atm-ldp 
bindings command in privileged EXEC mode. The ATM label-binding database contains 
entries for LVCs on LC-ATM interfaces. The following illustrates this command: show mpls 
atm-ldp bindings [network {mask | length}] [local-label vpi vci] [remote-label vpi vci] 
[neighbor interface]. 


This table describes the syntax for the show mpls atm-ldp bindings command. 


show mpls atm-ldp bindings Syntax Description 


Parameter              Description 

network                (Optional) Defines the destination network number. 
mask                   (Optional) Defines the network mask in the form A.B.C.D 
                       (destination prefix). 
length                 (Optional) Defines the mask length (1 to 32). 
local-label vpi vci    (Optional) Selects the label values assigned by this router. (VPI 
                       range is 0 to 4095. VCI range is 0 to 65535.) 
remote-label vpi vci   (Optional) Selects the label values assigned by the other router. 
                       (VPI range is 0 to 4095. VCI range is 0 to 65535.) 
neighbor interface     (Optional) Selects the label values assigned by the neighbor on 
                       a specified interface. 


show mpls atm-ldp capability 


To display the MPLS ATM capabilities negotiated with LDP neighbors for LC-ATM 
interfaces, use the following show mpls atm-ldp capability command in privileged EXEC 
mode: show mpls atm-ldp capability. 
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How to Display Summary Information About ATM 


Entries 


This topic describes how to display summary information about all of the entries in the ATM 
label-binding database. 


show mpls atm-ldp summary 


Router# show mpls atm-ldp summary 
Total number of destinations: 788 
ATM label bindings summary 
interface    total   active   local   remote   Bwait   Rwait   IFwait 
ATM0/0/0       594      594     296      298       0       0 
ATM0/0/1       590      590     296      294       0       0 
ATM0/0/2      1179     1179     591      588       0       0 
ATM0/0/3      1177     1177     592      585       0       0 
ATM0/1/0      1182     1182     590      592       0       0 


To display summary information about all of the entries in the ATM label-binding database, 
use the show mpls atm-ldp summary command in privileged EXEC mode. 
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This table describes the significant fields in the display. 


show mpls atm-ldp summary Field Description 


Field                          Description 

Total number of destinations   Number of known destination address prefixes. 
interface                      Name of an interface with associated ATM label bindings. 
total                          Total number of ATM labels on this interface. 
active                         Number of ATM labels in an “active” state, ready to use for data 
                               transfer. 
local                          Number of ATM labels assigned by this LSR on this interface. 
remote                         Number of ATM labels assigned by the neighbor LSR on this 
                               interface. 
Bwait                          Number of bindings that are waiting for a label assignment from the 
                               neighbor LSR. 
Rwait                          Number of bindings that are waiting for resources (VPI/VCI space) 
                               to be available on the downstream device. 
IFwait                         Number of bindings that are waiting for learned labels to be 
                               installed for switching use. 
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How to Display Current Label Bindings 


This topic describes how to display current label bindings. 


show mpls atm-ldp bindings 


Router# show mpls atm-ldp bindings 
 Destination: 6.6.6.6/32 
    Tailend Switch ATM0/0/3 1/34 Active -> Terminating Active 
 Destination: 150.0.0.0/16 
    Tailend Switch ATM0/0/3 1/35 Active -> Terminating Active 
 Destination: 4.4.4.4/32 
    Transit ATM0/0/3 1/33 Active -> ATM0/1/1 1/33 Active 


To display current label bindings, use the show mpls atm-ldp bindings command in privileged 
EXEC mode. 
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This table describes the significant fields in the display. 


show mpls atm-ldp bindings Field Description 


Field            Description 

Destination      Destination (network and mask). 

Headend Router   Indicates types of virtual circuits. Options include the following: 
Tailend Router   * Headend: Virtual circuit that originates at this router 
Tailend Switch   * Tailend: Virtual circuit that terminates at this platform 
Transit          * Transit: Virtual circuit that passes through a switch 

ATM0/0/3         Interface. 

1/34             VPI/VCI. 

Active           Indicates the virtual circuit state. Options include the following: 
                 * Active: Set up and working 
                 * Bindwait: Waiting for a response 
                 * Remote Resource Wait: Waiting for resources (VPI/VCI space) to be 
                   available on the downstream device 
                 * Parent Wait: Transit virtual circuit input side waiting for output side to 
                   become active 

VCD              Displays virtual circuit descriptor number. 
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How to Display MPLS ATM Capabilities by LDP 


This topic describes how to display the MPLS ATM capabilities negotiated by LDP. 


show mpls atm-ldp capability 


Router# show mpls atm-ldp capability 

               VPI           VCI            Alloc    Odd/Even   VC Merge 
ATM0/1/0       Range         Range          Scheme   Scheme     IN  OUT 
 Negotiated    [100 - 101]   [33 - 1023]    UNIDIR 
 Local         [100 - 101]   [33 - 16383]   UNIDIR 
 Peer          [100 - 101]   [33 - 1023]    UNIDIR 

               VPI           VCI            Alloc    Odd/Even   VC Merge 
ATM0/1/1       Range         Range          Scheme   Scheme     IN  OUT 
 Negotiated    [201 -        [33 - 1023]    BIDIR 
 Local         [201 -        [33 - 16383]   UNIDIR   ODD 
 Peer          [201 -        [33 - 1023]    BIDIR    EVEN 

When two LSRs establish an LDP session, they negotiate parameters for the session, that is, a 
range of VPIs and VCIs that will be used as labels. 


The show mpls atm-ldp capability command displays the MPLS ATM capabilities negotiated 
by LDP. The following explains each line of this command: 


* The first line shows the negotiated (active) parameters. 
* The second line shows the parameters proposed by this router. 
* The third line shows the parameters proposed by the neighbor. 
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This table describes the significant fields in the display. 


show mpls atm-ldp capability Field Description 


Parameter         Description 

VPI Range         Displays minimum and maximum number of VPIs supported on this 
                  interface. 

VCI Range         Displays minimum and maximum number of VCIs supported on this 
                  interface. 

Alloc Scheme      Indicates the applicable allocation scheme, as follows: 
                  * UNIDIR: Unidirectional capability indicates that the peer can, within a 
                    single VPI, support binding of the same VCI to different prefixes on 
                    different directions of the link. 
                  * BIDIR: Bidirectional capability indicates that within a single VPI, a 
                    single VCI can appear in one binding only. In this case, one peer 
                    allocates bindings in the even VCI space, and the other in the odd 
                    VCI space. The system with the lower LDP identifier assigns even- 
                    numbered VCIs. 
                  The negotiated allocation scheme is UNIDIR, but only if both peers have 
                  UNIDIR capability. Otherwise, the allocation scheme is BIDIR. 
                  NOTE: These definitions for “unidirectional” and “bidirectional” are 
                  consistent with normal ATM usage of the terms; however, they are 
                  exactly opposite from the definitions for them in the IETF LDP 
                  specification. 

Odd/Even Scheme   Indicates whether the local device or the peer is assigning an odd- or 
                  even-numbered VCI when the negotiated scheme is BIDIR. This 
                  parameter does not display any information when the negotiated scheme 
                  is UNIDIR. 

VC Merge          Indicates the type of VC merge support available on this interface. There 
                  are two possibilities, as follows: 
                  IN: Indicates the input interface merge capability. IN accepts the 
                  following values: 
                  * EN: The hardware interface supports VC merge, and VC merge is 
                    enabled on the device. 
                  * DIS: The hardware interface supports VC merge, and VC merge is 
                    disabled on the device. 
                  * NO: The hardware interface does not support VC merge. 
                  OUT: Indicates the output interface merge capability. OUT accepts the 
                  same values as the input merge side. 
                  The VC merge capability is meaningful only on ATM switches. This 
                  capability is not negotiated. 

Negotiated        Indicates the set of options that both LDP peers have agreed to share on 
                  this interface. For example, the VPI or VCI allocation on either peer 
                  remains within the negotiated range. 

Local             Indicates the options supported locally on this interface. 

Peer              Indicates the options supported by the remote LDP peer on this 
                  interface. 
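
The negotiation rules in this table, as an added Python sketch that is not Cisco code or part of the course material: it derives the Negotiated line from the Local and Peer lines and checks whether a given VPI/VCI label is one a side is allowed to bind. It assumes the negotiated range is the intersection of the two proposed ranges and that LDP identifiers are compared by their router-ID part as IPv4 addresses; the LDP identifiers and the second interface's values are constructed.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address


@dataclass(frozen=True)
class Capability:
    ldp_id: str   # router-ID part of the LDP identifier (constructed values)
    vpi: tuple    # proposed VPI range (low, high)
    vci: tuple    # proposed VCI range (low, high)
    alloc: str    # "UNIDIR" or "BIDIR"


def intersect(a, b):
    """Overlap of two inclusive ranges, or None when they do not overlap."""
    low, high = max(a[0], b[0]), min(a[1], b[1])
    return (low, high) if low <= high else None


def negotiate(local, peer):
    """Return the negotiated parameters, or None when no session can start."""
    vpi, vci = intersect(local.vpi, peer.vpi), intersect(local.vci, peer.vci)
    if vpi is None or vci is None:
        return None
    # UNIDIR only if both peers are UNIDIR-capable; otherwise BIDIR.
    alloc = "UNIDIR" if local.alloc == peer.alloc == "UNIDIR" else "BIDIR"
    parity = None
    if alloc == "BIDIR":
        # The system with the lower LDP identifier assigns even-numbered VCIs.
        local_lower = IPv4Address(local.ldp_id) < IPv4Address(peer.ldp_id)
        parity = {"local": "EVEN" if local_lower else "ODD",
                  "peer": "ODD" if local_lower else "EVEN"}
    return {"vpi": vpi, "vci": vci, "alloc": alloc, "parity": parity}


def may_allocate(negotiated, side, vpi, vci):
    """Check a label that 'local' or 'peer' wants to bind against the session."""
    in_range = (negotiated["vpi"][0] <= vpi <= negotiated["vpi"][1]
                and negotiated["vci"][0] <= vci <= negotiated["vci"][1])
    if not in_range:
        return False
    if negotiated["alloc"] == "UNIDIR":
        return True
    return (vci % 2 == 0) == (negotiated["parity"][side] == "EVEN")


if __name__ == "__main__":
    # Local and Peer lines of ATM0/1/0 from the output on this page.
    first = negotiate(Capability("10.0.0.2", (100, 101), (33, 16383), "UNIDIR"),
                      Capability("10.0.0.1", (100, 101), (33, 1023), "UNIDIR"))
    print(first)
    # Constructed mixed case: a UNIDIR-capable local side and a BIDIR peer.
    mixed = negotiate(Capability("10.0.0.2", (20, 21), (33, 16383), "UNIDIR"),
                      Capability("10.0.0.1", (20, 21), (33, 1023), "BIDIR"))
    print(mixed, may_allocate(mixed, "local", 20, 34))
```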
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Debugging Specific ATM LDP Functions 


This topic describes how to debug ATM LDP issues. 


Debugging Specific ATM LDP Functions 


Router# 

debug mpls atm-ldp routes 

* Debugs LDP requests over LC-ATM interfaces. 


Router# 

debug mpls atm-ldp states 

* Details LVC state transition debugging. 


debug mpls atm-ldp routes 


The debug mpls atm-ldp routes command displays information about the state of the routes 
for which VCI requests are being made. 


When there are many routes and system activities (shutting down interfaces, learning new 
routes, and so on), the debug mpls atm-ldp routes command displays extensive information 
that might interfere with system timing. Most commonly, this interference affects normal LDP 
operation. To avoid this problem, increase the LDP hold time with the mpls ldp holdtime 
command. 


debug mpls atm-ldp states 


The debug mpls atm-ldp states command displays information about LVC state transitions as 
they occur. 


When there are many routes and system activities (shutting down interfaces, learning new 
routes, and so on), the debug mpls atm-ldp states command displays extensive information 
that might interfere with system timing. Most commonly, this interference affects normal LDP 
operation. To avoid this problem, increase the LDP hold time with the mpls ldp holdtime 
command. 


Summary 


This topic summarizes the key points discussed in this lesson. 


Summary 


* Cisco IOS commands used to monitor LC-ATM 
  label-switching functions are similar to show mpls ldp 
  commands. 

* The show mpls atm-ldp summary command shows 
  information about all entries in the label-binding 
  database. 

* The show mpls atm-ldp bindings command shows 
  current label bindings. 

* The show mpls atm-ldp capability command shows 
  parameters that have been negotiated between two 
  LSRs. 

* Specific LC-ATM debug commands will not need to be 
  used during normal operation. 


Module Summary 


This topic summarizes the key points discussed in this module. 


Module Summary 


* CEF must be running as a prerequisite to running 
  MPLS on a Cisco router. 

* Frame-mode MPLS requires CEF switching and 
  MPLS enabled on appropriate interfaces. Optional 
  items include MPLS ID, MTU, IP TTL, and 
  conditional label advertisement. 

* When you encounter problems with frame-mode 
  MPLS interfaces, it is helpful to know the 
  procedures for monitoring MPLS on Cisco IOS 
  platforms. 

* When you verify correct operation of MPLS in the 
  network, you will also need to know the 
  recommended troubleshooting procedures. 


Module Summary (Cont.) 


* LC-ATM MPLS routers require an enabled 
  subinterface with keyword mpls. LC-ATM switches 
  also require interfaces to be enabled for MPLS 
  operations. VC-merge is enabled by default for 
  LC-ATM MPLS switches. 

* ATM Virtual Path allows MPLS ATM switch and 
  router connectivity through a non-MPLS network 
  via static VPI. 

* Monitoring the LC-ATM connections in your 
  network is critical to identify and isolate problems. 


There are many detailed configuration, monitoring, and debugging guidelines when 
implementing frame-mode MPLS and cell-mode MPLS on Cisco IOS platforms. Advanced 
technologies, such as TTL propagation and label distribution, are also critical when switching 
implementations. 


References 


For additional information, refer to these resources: 


* Search for “CEF switching” on Cisco.com for additional information. 


Module Self-Check 


Use the questions here to review what you learned in this module. The correct answers and 
solutions are found in the Module Self-Check Answer Key. 


Q1) What is another name for topology-driven switching? (Source: Introducing CEF 
Switching) 

A) CEF 
B) fast switching 
C) cache switching 
D) process switching 

Q2) What is the command to monitor CEF? (Source: Introducing CEF Switching) 

A) Router#show cef 
B) Router>show ip cef 
C) Router#show ip cef 
D) Router(config)#show ip cef 

Q3) What is the command to enable CEF on a Cisco router? (Source: Introducing CEF 
Switching) 

A) Router#ip cef 
B) Router>ip cef 
C) Router(config)#cef 
D) Router(config)#ip cef 

Q4) In CEF switching, what is the difference between the adjacency table and the ARP 
cache? (Source: Introducing CEF Switching) 

A) The adjacency table holds the Layer 2 header, and the ARP cache does not. 
B) The ARP cache holds the Layer 2 header, and the adjacency table does not. 
C) Both the adjacency table and the ARP cache hold the Layer 2 header. 
D) Neither the adjacency table nor the ARP cache holds the Layer 2 header. 

Q5) What happens to a packet that should be fast-switched but the destination is not in the 
switching cache? (Source: Introducing CEF Switching) 

A) The packet is dropped. 
B) The packet is cache-switched. 
C) The packet is process-switched. 
D) CEF switching is used. 

Q6) If IP TTL propagation is not allowed, what is the value that is placed in the MPLS 
header? (Source: Configuring Frame-Mode MPLS on Cisco IOS Platforms) 

A) 0 
B) 1 
C) 254 
D) 255 

Q7) The MPLS MTU is increased to _____ to support 1500-B IP packets and MPLS stacks 
up to 3 levels deep. (Source: Configuring Frame-Mode MPLS on Cisco IOS Platforms) 

Q8) Which of the following is the correct command to enable MPLS in Cisco IOS 
software? (Source: Configuring Frame-Mode MPLS on Cisco IOS Platforms) 

A) Router#mpls ip 
B) Router>mpls ip 
C) Router(config)#mpls ip 
D) Router(config-if)#mpls ip 

Q9) Which of the following is NOT a mandatory step to enable MPLS? (Source: 
Configuring Frame-Mode MPLS on Cisco IOS Platforms) 

A) Enable CEF switching. 
B) Label the pool configuration. 
C) Configure the MTU size for labeled packets. 
D) Configure LDP (or TDP) on every interface that will run MPLS. 

Q10) What needs to be configured to specify which neighbors would selectively receive 
label advertisements? (Source: Configuring Frame-Mode MPLS on Cisco IOS 
Platforms) 

A) Controlled label distribution needs to be configured. 
B) Conditional label distribution needs to be configured. 
C) Unsolicited label distribution needs to be configured. 
D) All neighbors will receive all labels. 

Q11) If frame-mode MPLS is run on ATM interfaces, LDP or LDP neighbor relationships 
are established between the _____ routers. (Source: Configuring Frame-Mode MPLS 
on Cisco IOS Platforms) 

Q12) Which command is used to display information about the LDP Hello protocol timers? 
(Source: Monitoring Frame-Mode MPLS on Cisco IOS Platforms) 

A) show ip cef 
B) show mpls ldp parameters 
C) show ldp forwarding-table 
D) show mpls ldp discovery 

Q13) Which command is used to display the contents of the LIB table? (Source: Monitoring 
Frame-Mode MPLS on Cisco IOS Platforms) 

A) show mpls ldp labels 
B) show mpls ldp bindings 
C) show mpls ldp neighbors 
D) show mpls forwarding-table 

Q14) Which command is used to display the contents of the LFIB table? (Source: Monitoring 
Frame-Mode MPLS on Cisco IOS Platforms) 

A) show mpls ldp labels 
B) show mpls ldp bindings 
C) show mpls ldp neighbors 
D) show mpls forwarding-table 

Q15) Which command would NOT be used to debug MPLS or LDP? (Source: Monitoring 
Frame-Mode MPLS on Cisco IOS Platforms) 

A) debug mpls ldp 
B) debug mpls lfib 
C) debug mpls packets 
D) debug mpls ldp neighbors 

Q16) Which two of the following would cause an LDP (or TDP) session not to be established 
between two LSRs? (Choose two.) (Source: Troubleshooting Frame-Mode MPLS on 
Cisco IOS Platforms) 

A) an access list that allows TCP/UDP port number 646 
B) an access list that allows TCP/UDP port number 711 
C) an access list that does not allow TCP/UDP port number 646 
D) an access list that does not allow TCP/UDP port number 711 

Q17) Which command is issued to troubleshoot label allocation issues? (Source: 
Troubleshooting Frame-Mode MPLS on Cisco IOS Platforms) 

A) show cef 
B) show lfib 
C) show ip cef 
D) show mpls lfib 

Q18) Which command is issued to see if labels are being distributed from the local LSR? 
(Source: Troubleshooting Frame-Mode MPLS on Cisco IOS Platforms) 

A) show mpls ldp lib (on the local router) 
B) show mpls ldp lib (on the remote router) 
C) show mpls ldp bindings (on the local router) 
D) show mpls ldp bindings (on the remote router) 

Q19) Which of the following correctly implements the show cef interface command? 
(Source: Troubleshooting Frame-Mode MPLS on Cisco IOS Platforms) 

A) router>show cef interface 
B) router#show cef interface 
C) router(config)#show cef interface 
D) router(config-router)#show cef interface 

Q20) To reduce the chances of having intermittent MPLS failures because of an interface 
failing, a _____ address should be configured. (Source: Troubleshooting Frame-Mode 
MPLS on Cisco IOS Platforms) 

Q21) A LAN switch is in the network path between two LSRs. It has been discovered that 
large packets are not being propagated across the network. The most possible cause 
would be which of the following? (Source: Troubleshooting Frame-Mode MPLS on 
Cisco IOS Platforms) 

A) The precedence bit has not been set in the MPLS label. 
B) The TTL has not been set correctly to address this issue. 
C) The MTU size has not been set correctly to address this issue. 
D) This is not a legal configuration. LSRs must be directly connected. 

Q22) A _____ must be created on an LC-ATM router to support MPLS. (Source: 
Configuring LC-ATM MPLS) 

Q23) On Cisco IOS platform routers, _____ mode MPLS is the default. (Source: Configuring 
LC-ATM MPLS) 

Q24) Which VPI value do all LVCs use by default? (Source: Configuring LC-ATM MPLS) 

A) 0 
B) 1 
C) 32 
D) 100 

Q25) For successful establishment of a label distribution session between an LC router and 
an ATM switch, both devices need to use the same of which item? (Source: 
Configuring LC-ATM MPLS) 

A) IGP 
B) VRI/VDI 
C) subinterface number 
D) label distribution protocol 

Q26) Which command sets the threshold that will prevent forwarding loops in the setting up 
of label switch paths across an ATM region? (Source: Configuring LC-ATM MPLS) 

A) mpls vpi 
B) mpls atm vpi 
C) mpls maxhops 
D) mpls ldp maxhops 

Q27) Which two of the following statements are correct? (Choose two.) (Source: 
Configuring LC-ATM MPLS) 

A) VC merge is enabled by default on all ATM switches. 
B) VC merge is disabled by default on all ATM switches. 
C) Disabling VC merge results in the ability to interleave cells, but an LVC must 
be created for every source-destination pair. 
D) Disabling VC merge results in the ability to interleave cells, but an LVC will 
NOT be created for every source-destination pair. 

Q28) What is a virtual path? (Source: Configuring LC-ATM MPLS over ATM Virtual Path) 

A) a pool of MPLS labels 
B) a collection of virtual circuits with a common VDI 
C) a collection of virtual circuits with a common VPI 
D) a collection of virtual circuits with a common VCI 

Q29) Why is it mandatory that the VPI be used on both ends of the virtual path over a public 
ATM network? (Source: Configuring LC-ATM MPLS over ATM Virtual Path) 

A) because the VPI value is part of the LDP virtual path range negotiation 
B) because the VCI value is part of the LDP virtual circuit range negotiation 
C) because the TTL value would not be able to be propagated 
D) It is not mandatory, but only recommended. 

Q30) Which two of the following statements are correct when describing the configuration of 
ATM Virtual Path between two ATM switches? (Choose two.) (Source: Configuring 
LC-ATM MPLS over ATM Virtual Path) 

A) The virtual path number has to match between peers. 
B) The virtual path number does not have to match between peers. 
C) The MPLS-enabled subinterface number is the same as the virtual path 
number. 
D) The MPLS-enabled subinterface number cannot be the same as the virtual path 
number. 

Q31) Which two of the following statements are correct when describing the configuration of 
ATM Virtual Path between two ATM routers? (Choose two.) (Source: Configuring 
LC-ATM MPLS over ATM Virtual Path) 

A) The virtual path number has to match between peers. 
B) The virtual path number does not have to match between peers. 
C) The control virtual circuit cannot be established within the virtual path. 
D) The control virtual circuit can be established within the virtual path. 

Q32) Which command is NOT used to monitor LC-ATM label-switching functions? 
(Source: Monitoring LC-ATM MPLS on Cisco IOS Platforms) 

A) show mpls atm-ldp labels 
B) show mpls atm-ldp bindings 
C) show mpls atm-ldp summary 
D) show mpls atm-ldp capability 

Q33) Which command provides summary information about all entries in the label-binding 
database? (Source: Monitoring LC-ATM MPLS on Cisco IOS Platforms) 

A) show mpls atm-ldp bindings 
B) show mpls atm-ldp summary 
C) show mpls atm-ldp capability 
D) show mpls atm-ldp labels-summary 

Q34) Which command shows the current label bindings? (Source: Monitoring LC-ATM 
MPLS on Cisco IOS Platforms) 

A) show mpls atm-ldp bindings 
B) show mpls atm-ldp summary 
C) show mpls atm-ldp capability 
D) show mpls atm-ldp labels-bindings 

Q35) Which command shows the negotiated parameters between LSRs? (Source: Monitoring 
LC-ATM MPLS on Cisco IOS Platforms) 

A) show mpls atm-ldp lsr 
B) show mpls atm-ldp bindings 
C) show mpls atm-ldp summary 
D) show mpls atm-ldp capability 

Q36) Which of the following is used to debug an LC-ATM issue? (Source: Monitoring 
LC-ATM MPLS on Cisco IOS Platforms) 

A) debug mpls atm-ldp lsrs 
B) debug mpls atm-ldp routes 
C) debug mpls atm-ldp nodes 
D) debug mpls atm-ldp switches 


Module Self-Check Answer Key 


Q1) A 
Q2) C 
Q3) D 
Q4) A 
Q5) 
Q6) 
Q7) 1512 
Q8) D 
Q9) C 
Q10) B 
Q11) PVC endpoint 
Q12) B 
Q13) B 
Q14) D 
Q15) D 
Q16) C,D 
Q17) C 
Q18) D 
Q19) B 
Q20) loopback 
Q21) C 
Q22) subinterface 
Q23) frame- 
Q24) B 
Q25) D 
Q26) D 
Q27) A,C 
Q28) C 
Q29) A 
Q30) A,C 
Q31) A,D 
Q32) 
Q33) B 
Q34) A 
Q35) D 
Q36) B 


Module 4 


MPLS Virtual Private Network Technology 


Overview 


This module introduces Virtual Private Networks (VPNs) and two major VPN design options: 
the overlay VPN and the peer-to-peer VPN. The module also introduces VPN terminology and 
topologies, and describes Multiprotocol Label Switching (MPLS) VPN architecture and 
operations. This module details various customer edge-provider edge (CE-PE) routing options 
and Border Gateway Protocol (BGP) extensions (route targets and extended community 
attributes) that allow Internal Border Gateway Protocol (IBGP) to transport customer routes 
over a provider network. The MPLS VPN forwarding model is also covered together with how 
it integrates with core routing protocols. 


Module Objectives 


Upon completing this module, you will be able to describe the MPLS peer-to-peer architecture 
and explain the routing and packet-forwarding model in this architecture. This ability includes 
being able to meet these objectives: 


* Identify the major terminology and topology of VPNs 
* Describe the features, benefits, and drawbacks of overlay VPN and peer-to-peer VPN 
* Describe the characteristics of the different VPN topology categories 
* Describe the major architectural components of MPLS VPNs 
* Identify the routing requirements for MPLS VPNs 
* Describe how packets are forwarded in an MPLS VPN environment 


Lesson 1 


Introducing Virtual Private Networks 


Overview 


This lesson explains the concept of VPNs and the terminology introduced by MPLS VPN 
architecture. The lesson also looks at why VPNs were first introduced. 


It is important to understand the background of VPNs, because moving forward, you should be 
able to determine the need for a VPN and explain how MPLS VPNs can help save time and 
money for a customer. 


Objectives 


Upon completing this lesson, you will be able to identify the major terminology and topology 
of VPNs. This ability includes being able to meet these objectives: 


* Describe the connectivity of traditional router-based networks 
* Describe how VPNs replace the connectivity of traditional router-based networks 
* Identify the major network elements in a VPN 
* Describe how virtual circuits are used in switched WANs to create a VPN 


Traditional Router-Based Network Connectivity 


This topic describes the connectivity of traditional router-based networks. 


Traditional Router-Based Networks 


Traditional router-based networks connect customer 
sites through routers connected via dedicated 
point-to-point links. 


Traditional router-based networks were implemented with dedicated point-to-point links 
connecting customer sites. The cost of this approach was comparatively high for the following 
reasons: 


* The dedicated point-to-point links prevented any form of statistical infrastructure sharing 
  on the service provider side, resulting in high costs for the end user. 

* Every link required a dedicated port on a router, resulting in high equipment costs. 


Advantages of Virtual Private Networks 


This topic describes how the connectivity of VPNs replaces the connectivity of traditional 
router-based networks. 


Virtual Private Networks 


[Figure: Customer Site with a Customer Premises Router (CPE); Service Provider Network with 
Provider Edge Devices (Frame Relay Switches) and a Provider Core Device; Virtual Circuit #1 
and Virtual Circuit #2 to the CPE Routers; Large Customer Site with Other Customer Routers] 


* VPNs replace dedicated point-to-point links with 
  emulated point-to-point links sharing common 
  infrastructure. 

* Customers use VPNs primarily to reduce their 
  operational costs. 


VPNs were introduced very early in the history of data communications with technologies such 
as X.25 and Frame Relay, which use virtual circuits to establish the end-to-end connection over 
a shared service provider infrastructure. The following technologies, although sometimes 
considered legacy technologies and obsolete, still share these basic benefits with modern VPNs: 


* The dedicated links of traditional router-based networks have been replaced with a 
  common infrastructure that emulates point-to-point links for the customer, resulting in 
  statistical sharing of the service provider infrastructure. 

* Statistical sharing of the infrastructure enables the service provider to offer connectivity for 
  a lower price, resulting in lower operational costs for the end user. 


Example: Virtual Private Networks 


The figure shows the statistical sharing, where the customer premises equipment (CPE) router 
on the left has one physical connection to the service provider and two virtual circuits 
provisioned. Virtual circuit #1 provides connectivity to the top CPE router on the right. Virtual 
circuit #2 provides connectivity to the bottom CPE router on the right. 


What Are VPN Network Elements? 


This topic identifies the major network elements in a VPN. 


VPN Terminology 


There are many conceptual models and terminologies describing various VPN technologies and 
implementations. The terminology is generic enough to cover nearly any VPN technology or 
implementation and is thus extremely versatile. 


The major parts of an overall VPN solution are always the following: 


* Provider network (P-network): The common infrastructure that the service provider uses 
  to offer VPN services to customers 

* Customer network (C-network): The part of the overall customer network that is still 
  exclusively under customer control 

* Customer sites: Contiguous parts of the C-network 


A typical C-network implemented with any VPN technology would contain islands of 
connectivity under customer control (customer sites) connected together via the service 
provider infrastructure (P-network). 


VPN Terminology (Cont.) 


* PE device: The device in the 
  P-network to which the CE devices are connected 

* CE device: The device in the C-network that links 
  to the P-network; also called CPE 


The following describes the devices that enable the overall VPN solution, which are named 
based on their position in the network: 


* The customer router that connects the customer site to the service provider network is 
  called a customer edge (CE) router, or CE device. Traditionally, this device is called CPE. 

* Service provider devices to which customer devices are attached are called provider edge 
  (PE) devices. In traditional switched WAN implementations, these devices would be Frame 
  Relay or X.25 edge switches. 

* Service provider devices that provide only data transport across the service provider 
  backbone, and have no customers attached to them, are called provider (P) devices. In 
  traditional switched WAN implementations, these devices would be core (or transit) 
  switches. 


Note: If the connecting device is not a router but, for example, a packet assembler/disassembler 
(PAD), it is still called a CE device. 


How Are Virtual Circuits Used in Switched WANs? 


This topic describes how virtual circuits are used in switched WANs to create a VPN. 


Switched WANs VPN Terminology 


[Figure: Customer Premises Router (CPE), CPE Routers, and a Large Customer Site with Other 
Customer Routers] 


* A PVC is established through out-of-band means 
  (network management) and is always active. 

* An SVC is established through CE-PE signaling on demand from 
  the CE device. 


Switched WAN technologies introduced the virtual circuit, an emulated point-to-point link 
established across the Layer 2 infrastructure (for example, a Frame Relay network). Virtual 
circuits are further differentiated into permanent virtual circuits (PVCs), which are 
preestablished by means of network management or manual configuration, and switched virtual 
circuits (SVCs), which are established on demand through a call setup request from the CE 
device. 


Summary 


This topic summarizes the key points discussed in this lesson. 


Summary 


* Traditional router-based networks connect customer sites 
  through routers connected via dedicated point-to-point links. 

* VPNs replaced dedicated point-to-point links with emulated 
  point-to-point links sharing a common infrastructure. 

* Device names based on their position in an MPLS VPN 
  network are as follows: 
  - CE 
  - PE 
  - P 

* A PVC is pre-established and is always active. An SVC is 
  established through CE-PE signaling on demand from the CE 
  device. 


Lesson 2 


Introducing Overlay and Peer-to-Peer VPNs 


Overview 


This lesson explains the differences between the overlay and peer-to-peer VPN models, how 
they are implemented, and the benefits and drawbacks of each implementation. The lesson also 
discusses the various virtual networking concepts. 


It is important to understand the different types of VPNs, and how each one is used. This 
understanding will allow you to recognize where the various types of VPNs would be best used 
in their associated networks. 


Objectives 


Upon completing this lesson, you will be able to describe the differences between overlay 
VPNs and peer-to-peer VPNs, explaining their implementation, benefits, and drawbacks. This 
ability includes being able to meet these objectives: 


* Identify the two major VPN implementation technologies 
* Describe the implementation techniques for overlay VPNs 
* Describe the implementation techniques for peer-to-peer VPNs 
* Describe the benefits of each type of VPN model 
* Describe the drawbacks of each VPN model 
* Describe the drawbacks of the traditional peer-to-peer VPN model 


What Are the VPN Implementation Technologies? 


This topic describes the two major VPN implementation technologies. 


VPN Implementation Technologies 


VPN services can be offered based on two 
major models: 

* Overlay VPNs, in which the service provider 
  provides virtual point-to-point links between 
  customer sites 

* Peer-to-peer VPNs, in which the service provider 
  participates in the customer routing 


Traditional VPN implementations were all based on the overlay model, in which the service 
provider sold virtual circuits between customer sites as a replacement for dedicated 
point-to-point links. The overlay model had a number of drawbacks, which are identified in this lesson. 
To overcome these drawbacks (particularly in IP-based customer networks), a new model 
called the peer-to-peer VPN was introduced. In this model, the service provider actively 
participates in customer routing. 


What Are the Overlay VPN Implementation Techniques? 


This topic describes the implementation techniques for overlay VPNs. 


Overlay VPNs: 
Layer 1 Implementation 


This is the traditional TDM solution: 

* Service provider establishes physical-layer connectivity 
  between customer sites. 

* Customer is responsible for all higher layers. 


In the Layer 1 overlay VPN implementation, the service provider sells Layer 1 circuits (bit 
pipes) implemented with technologies such as ISDN, digital service zero (DS0), E1, T1, 
Synchronous Digital Hierarchy (SDH), or SONET. The customer is responsible for Layer 2 
encapsulation between customer devices and the transport of IP data across the infrastructure. 


Overlay VPNs: 
Layer 2 Implementation 


This is the traditional switched WAN solution: 

* The service provider establishes Layer 2 virtual circuits 
  between customer sites. 

* The customer is responsible for all higher layers. 


A Layer 2 VPN implementation is the traditional switched WAN model, implemented with 
technologies such as X.25, Frame Relay, ATM, and Switched Multimegabit Data Service 
(SMDS). The service provider is responsible for transport of Layer 2 frames between customer 
sites, and the customer is responsible for all higher layers. 


Overlay VPNs: 
Frame Relay Example 


[Figure: customer sites connected across a Frame Relay network] 


Example: Overlay VPNs—Frame Relay 


The figure shows a typical overlay VPN implemented by a Frame Relay network. The customer 
needs to connect three sites to site A (central site, or hub) and orders connectivity between site 
A (hub) and site B (spoke), between site A and site C (spoke), and between site A and site D 
(spoke). The service provider implements this request by providing two PVCs across the Frame 
Relay network. 


Note: The implementation displayed in this example does not provide full connectivity. Data flow 
between spoke sites is through the hub. 


Overlay VPNs: 
IP Tunneling 


VPN is implemented with IP-over-IP tunnels: 

* Tunnels are established with GRE or IPSec. 

* GRE is simpler (and quicker); IPSec provides 
  authentication and security. 


With the success of IP and associated technologies, some service providers started to 
implement pure IP backbones to offer VPN services based on IP. In other cases, customers 
wanted to take advantage of the low cost and universal availability of the Internet to build 
low-cost private networks over it. 


Whatever the business reasons behind it, Layer 3 VPN implementations over the IP backbone 
always involve tunneling—encapsulation of protocol units at a certain layer of the Open 
Systems Interconnection (OSI) reference model into protocol units at the same or higher layer 
of the OSI model. 


Two well-known tunneling technologies are IP Security (IPSec) and generic routing 
encapsulation (GRE). GRE is fast and simple to implement and supports multiple routed 
protocols, but it provides no security and is thus unsuitable for deployment over the Internet. 
An alternative tunneling technology is IPSec, which provides network layer authentication and 
optional encryption to make data transfer over the Internet secure. IPSec supports only the IP 
routed protocol. 


Overlay VPNs: 
Layer 2 Forwarding 


* VPN is implemented with PPP-over-IP tunnels. 

* VPN is usually used in access environments 
  (dialup, digital subscriber line). 


Yet another tunneling technique was first implemented in dialup networks, where service 
providers wanted to tunnel customer dialup data encapsulated in PPP frames over an IP 
backbone to the customer central site. To make the service provider transport transparent to the 
customer, PPP frames are exchanged between the customer sites (usually a dialup user and a 
central site) and the customer is responsible for establishing Layer 3 connectivity above PPP. 


The following are three well-known PPP forwarding implementations: 

* Layer 2 Forwarding Protocol (L2F Protocol) 
* Layer 2 Tunneling Protocol (L2TP) 
* Point-to-Point Tunneling Protocol (PPTP) 


Overlay VPNs: 
Layer 3 Routing 


[Figure: Router A, Router B, Router C, and Router D] 


* The service provider infrastructure appears as point-to-point 
  links to customer routes. 

* Routing protocols run directly between customer 
  routers. 

* The service provider does not see customer routes and 
  is responsible only for providing point-to-point transport 
  of customer data. 


From the Layer 3 perspective, the P-network is invisible to the customer routers, which are 
linked with emulated point-to-point links. The routing protocol runs directly between customer 
routers that establish routing adjacencies and exchange routing information. 


The service provider is not aware of customer routing and has no information about customer 
routes. The responsibility of the service provider is purely the point-to-point data transport 
between customer sites. 


4-18 Implementing Cisco MPLS (MPLS) v2.1 Copyright © 2004, Cisco Systems, Inc. 
The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., 
for the sole use by Cisco employees for personal study. The files or printed representations may not be 
used in commercial training, and may not be distributed for purposes other than individual self-study. 


What Are the Implementation Techniques for 
Peer-to-Peer VPNs? 


This topic describes the implementation techniques for peer-to-peer VPNs. 


Peer-to-Peer VPNs 


[Figure: Service Provider Network connecting three Customer Sites with Router A, Router B, 
and Router C] 


* Routing information is exchanged 
  between CE and PE routers. 

* PE routers exchange 
  customer routes through 
  the core network. 

* Finally, the customer routes propagated 
  through the PE network are sent to other 
  CE routers. 


The overlay VPN model has a number of drawbacks, most significantly the need for customers 
to establish point-to-point links or virtual circuits between sites. The formula to calculate how 
many point-to-point links or virtual circuits are needed in the worst case is (n[n-1])/2, where n 
is the number of sites to be connected. For example, if you need to have full mesh connectivity 
between four sites, you will need a total of six point-to-point links or virtual circuits. To 
overcome this drawback and provide the customer with optimum data transport across the 
service provider backbone, the peer-to-peer VPN concept was introduced. Here, the service 
provider actively participates in customer routing, accepting customer routes, transporting those 
customer routes across the service provider backbone, and finally propagating them to other 
customer sites. 
Peer-to-Peer VPNs:
Packet Filters

[Figure: service provider network. The POP router carries all customer routes. Isolation between customers is achieved with packet filters on PE-to-CE interfaces.]

The first peer-to-peer VPN solutions appeared with the widespread deployment of IP in service
provider networks. Architectures similar to that of the Internet were used to build them. Special 
provisions were taken into account to transform the architecture, which was targeted toward 
public backbones (Internet), into a solution in which customers would be totally isolated and be 
able to exchange corporate data securely. 


The more common peer-to-peer VPN implementation allowed a PE router to be shared between 
two or more customers. Packet filters were used on the shared PE routers to isolate the 
customers. In this implementation, it was common for the service provider to allocate a portion 
of its address space to each customer and manage the packet filters on the PE routers to ensure 
full reachability between sites of a single customer and isolation between separate customers. 
Peer-to-Peer VPNs:
Controlled Route Distribution

of routing information on the PE router.

Maintaining packet filters is a mundane and error-prone task. Some service providers have thus
implemented more innovative solutions based on controlled route distribution. In this approach, 
the customer has a dedicated PE router. The core service P routers contain all customer routes, 
and the dedicated PE routers contain only the routes of a single customer. This approach 
requires a dedicated PE router per customer per point of presence (POP). Customer isolation is 
achieved solely through lack of routing information on the PE router. 


Example: Controlled Route Distribution 


In the figure, the PE router for customer A, using route filtering between the P router and the 
PE routers, learns only routes belonging to customer A, and the PE router for customer B learns 
only routes belonging to customer B. BGP with BGP communities is usually used inside the 
provider backbone, because it offers the most versatile route-filtering tools. 


Note: Default routes used anywhere in the C-network or P-network break isolation between
customers and have to be avoided.
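The isolation property of controlled route distribution, and the way a default route defeats it, shown as an added example that is not part of the course material. The address plan, customer names and next-hop labels are constructed; the audit function is one way an operator could check a dedicated PE for routes outside its customer's allocation.

```python
import ipaddress

# Constructed address plan: the provider allocates a slice of its own address
# space to each customer (documentation prefixes, not values from the course).
ALLOCATIONS = {
    "customer_a": [ipaddress.ip_network("198.51.100.0/25")],
    "customer_b": [ipaddress.ip_network("198.51.100.128/25")],
}


def net(prefix):
    return ipaddress.ip_network(prefix)


# The P router carries all customer routes.
P_TABLE = [(net("198.51.100.0/25"), "PE-A"), (net("198.51.100.128/25"), "PE-B")]

# Dedicated PE for customer A: route filtering leaves it with customer A routes only.
PE_A_FILTERED = [
    (net("198.51.100.0/26"), "CE-A1"),   # locally attached customer A site
    (net("198.51.100.64/26"), "P"),      # remote customer A site, via the core
]

# The same PE after a default route toward the core has been added.
PE_A_WITH_DEFAULT = PE_A_FILTERED + [(net("0.0.0.0/0"), "P")]


def lookup(table, dst):
    """Longest-prefix match. Returns the next hop, or None if the packet is dropped."""
    addr = ipaddress.ip_address(dst)
    matches = [(n, hop) for n, hop in table if addr in n]
    if not matches:
        return None
    return max(matches, key=lambda m: m[0].prefixlen)[1]


def forwarded(pe_table, dst):
    """True if a packet arriving at the dedicated PE is delivered toward dst."""
    hop = lookup(pe_table, dst)
    if hop is None:
        return False                      # no route on the PE: isolation holds
    if hop == "P":
        # The core knows every customer, so anything the PE hands over is delivered.
        return lookup(P_TABLE, dst) is not None
    return True


def audit_pe(customer, pe_table):
    """Routes on a dedicated PE that are not inside the customer's allocation."""
    own = ALLOCATIONS[customer]
    return [str(n) for n, _ in pe_table if not any(n.subnet_of(a) for a in own)]


if __name__ == "__main__":
    b_host = "198.51.100.200"             # constructed host in customer B's range
    print("filtered PE forwards to B:", forwarded(PE_A_FILTERED, b_host))
    print("PE with default forwards to B:", forwarded(PE_A_WITH_DEFAULT, b_host))
    print("audit findings:", audit_pe("customer_a", PE_A_WITH_DEFAULT))
```
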
What Are the Benefits of VPN Implementations?


This topic describes the benefits of each type of MPLS VPN implementation. 


Benefits of VPN Implementations

• Overlay VPN:
  - Well-known and easy to implement
  - Service provider does not participate in customer routing
  - Customer network and service provider network are well-isolated

• Peer-to-peer VPN:
  - Guarantees optimum routing between customer sites
  - Easier to provision an additional VPN
  - Only sites provisioned, not links between them


Each VPN model has a number of benefits. For example, overlay VPNs have the following 
advantages: 


■ Overlay VPNs are well-known and easy to implement from both customer and service
provider perspectives.

■ The service provider does not participate in customer routing, making the demarcation
point between service provider and customer easier to manage.

On the other hand, peer-to-peer VPNs provide the following:

■ Optimum routing between customer sites without any special design or configuration effort

■ Easy provisioning of additional VPNs or customer sites, because the service provider
provisions only individual sites, not the links between individual customer sites

What Are the Drawbacks of VPN
Implementations? 


This topic describes the drawbacks of each VPN implementation model. 


Drawbacks of VPN Implementations 


• Overlay VPN:
  - Implementing optimum routing requires a full mesh of virtual circuits.
  - Virtual circuits have to be provisioned manually.
  - Bandwidth must be provisioned on a site-to-site basis.
  - Overlay VPNs always incur encapsulation overhead.

• Peer-to-peer VPN:
  - The service provider participates in customer routing.
  - The service provider becomes responsible for customer convergence.
  - PE routers carry all routes from all customers.
  - The service provider needs detailed IP routing knowledge.

Each VPN model also has a number of drawbacks. Overlay VPNs have the following
disadvantages: 


■ Overlay VPNs require a full mesh of virtual circuits between customer sites to provide
optimum intersite routing.

■ All virtual circuits between customer sites have to be provisioned manually, and the
bandwidth must be provisioned on a site-to-site basis (which is not always easy to achieve).

■ The IP-based overlay VPN implementations (with IPSec or GRE) incur high encapsulation
overhead—ranging from 20 bytes (B) to 80 B per transported datagram.

The major drawbacks of peer-to-peer VPNs arise from service provider involvement in
customer routing, such as the following:

■ The service provider becomes responsible for correct customer routing and for fast
convergence of the C-network following a link failure.

■ The service provider PE routers have to carry all customer routes that were hidden from the
service provider in the overlay VPN model.

■ The service provider needs detailed IP routing knowledge, which is not readily available in
traditional service provider teams.




What Are the Drawbacks of Traditional Peer-to- 
Peer VPNs? 


This topic describes the drawbacks of the traditional peer-to-peer VPN implementation model. 


Drawbacks of Traditional 
Peer-to-Peer VPNs 


• Shared PE router:
  - All customers share the same (provider-assigned or public) address space.
  - High maintenance costs are associated with packet filters.
  - Performance is lower—each packet has to pass a packet filter.

• Dedicated PE router:
  - All customers share the same address space.
  - Each customer requires a dedicated router at each POP.


Pre-MPLS VPN implementations or peer-to-peer VPNs all share a common drawback. 
Customers have to share the same global address space, either using their own public IP 
addresses or relying on provider-assigned IP addresses. In both cases, connecting a new 
customer to a peer-to-peer VPN service usually requires IP renumbering inside the 
C-network—an operation most customers are reluctant to perform. 


Peer-to-peer VPNs based on packet filters also incur high operational costs associated with 
packet filter maintenance and performance degradation because of heavy use of packet filters. 


Peer-to-peer VPNs implemented with per-customer PE routers are easier to maintain and can 
provide optimum routing performance, but they are usually more expensive because every 
customer requires a dedicated router in every POP. Thus, this approach is usually used if the 
service provider has only a small number of large customers. 
Summary

This topic summarizes the key points discussed in this lesson.

Summary

• The two major VPN models are overlay VPN and peer-to-peer VPN.

• Overlay VPNs can be implemented using Layer 1, Layer 2, and Layer 3 technologies.

• Traditional peer-to-peer VPNs are implemented using IP routing technology.

• Overlay VPNs use well-known technologies and are easy to implement. Peer-to-peer VPNs
guarantee optimum routing between customer sites.

Summary (Cont.)

• Overlay VPN virtual circuits must be provisioned manually. Peer-to-peer VPNs require that the
service provider participate in customer routing.

• Both shared PE router and dedicated PE router implementations of peer-to-peer VPNs require
customers to share a common address space.

Lesson 3


Categorizing VPNs 


Overview 


This lesson explains the different VPN topology categories, taking a closer look at each 
topology type and how VPNs can be categorized based on business need or connectivity 
requirement. 


It is important to understand the different categories of VPNs and to know into which 
environments those VPNs can be applied. 


Objectives 


Upon completing this lesson, you will be able to describe the characteristics of the different 
VPN topology categories. This ability includes being able to meet these objectives: 


■ Identify the major categories of the overlay VPN topology

■ Describe the characteristics of the hub-and-spoke overlay VPN topology

■ Describe the characteristics of the partial mesh overlay VPN topology

■ Identify the major components of the VPN business category

■ Describe the characteristics of the extranet component of the VPN business category

■ Identify the major components of the VPN connectivity category

■ Describe the characteristics of the central services extranet component of the VPN
connectivity category

■ Describe the characteristics of the managed network component of the VPN connectivity
category

What Are the Overlay VPN Categories?


This topic identifies the major categories of the overlay VPN topology. 




Overlay VPN Topology Categories 


Overlay VPNs are categorized based on the
topology of the virtual circuits:

• (Redundant) hub-and-spoke
• Partial mesh
• Full mesh
• Multilevel—combines several levels of overlay VPN
topologies


The oldest VPN category is based on the topology of point-to-point links in an overlay VPN 
implementation. Some VPN categories are as follows: 


■ Hub-and-spoke: The hub-and-spoke topology is the ultimate reduction of the partial mesh
topology; many sites (spokes) are connected only with the central site (or sites), or hub
(hubs), with no direct connectivity between the spokes. To prevent single points of failure,
the hub-and-spoke topology is sometimes extended to a redundant hub-and-spoke
topology.

■ Full mesh: The full mesh topology provides a dedicated virtual circuit between any two
CE routers in the network.

■ Partial mesh: The partial mesh topology reduces the number of virtual circuits, usually to
the minimum number that provides optimum transport between major sites.

Large networks usually deploy a layered combination of these technologies. Here are some
examples:

■ Partial mesh in the network core

■ Redundant hub-and-spoke topology for larger branch offices (spokes) connected to
distribution routers (hubs)

■ Simple hub-and-spoke topology for noncritical remote locations (for example, home
offices)

What Is the Hub-and-Spoke Overlay VPN
Topology? 


This topic describes the characteristics of the hub-and-spoke overlay VPN topology category. 


Hub-and-Spoke Overlay VPN Topology 

The hub-and-spoke topology is the simplest overlay VPN topology—all remote sites are linked
with a single virtual circuit to a central CE router. The routing is also extremely simple—static 
routing or a distance vector protocol such as Routing Information Protocol (RIP) is more than 
adequate. If a dynamic routing protocol such as RIP is used, split-horizon updates must be 
disabled at the hub router or point-to-point subinterfaces must be used at the hub router to 
overcome the split-horizon problem. 

Hub-and-Spoke Overlay VPN Topology:
Redundant Hub-and-Spoke Topology

[Figure: a central site and three remote sites (spokes).]


A typical redundant hub-and-spoke topology introduces central site redundancy (more complex 
topologies might also introduce router redundancy at spokes). 


Each remote site is linked with two central routers via two virtual circuits. The two virtual 
circuits can be used for load sharing or in a primary with backup configuration. 

What Is the Partial Mesh Overlay VPN Topology?


This topic describes the characteristics of the partial mesh overlay VPN topology. 


Partial Mesh Overlay VPN Topology 

A partial mesh topology is used in environments where cost or complexity factors prevent a full
mesh topology between customer sites. The virtual circuits in a partial mesh topology can be
established based on the following wide range of criteria:

■ Traffic pattern between sites
■ Availability of physical infrastructure
■ Cost considerations

What Are the VPN Business Categories?


This topic describes how VPNs can be categorized based on business needs. 


VPN Business Category 


VPNs can be categorized on the business 
needs that they fulfill: 


• Intranet VPN connects sites within an
organization.

• Extranet VPN connects different organizations in
a secure way.

• Access VPN (VPDN) provides dialup access into
a customer network.


Here is a list of some very popular VPN categories that classify VPNs based on the business 
needs that they fulfill: 


■ Intranet VPN: Intranet VPNs connect sites within an organization. Security mechanisms
are usually not deployed in an intranet, because all sites belong to the same organization.

■ Extranet VPN: Extranet VPNs connect different organizations. Extranets usually rely on
security mechanisms to ensure the protection of participating individual organizations.
Security mechanisms are usually the responsibility of individual participating
organizations.

■ Access VPN: Access VPNs are virtual private dial-up networks (VPDNs) that provide
dialup access into a customer network.

What Are Extranet VPNs?


This topic describes the characteristics of the extranet component of the VPN business 
category. 


Extranet VPNs: 
Overlay VPN Implementation 

In an overlay implementation of an extranet, organizations are linked with dedicated virtual
circuits. 


Example: Overlay VPN—Extranet VPNs 


This figure illustrates an overlay VPN implementation of an extranet. Traffic between two 
organizations can flow only if one of the following conditions is met: 


■ There is a direct virtual circuit between the organizations.

■ A third organization linked with both organizations is willing to provide transit traffic
capability to those organizations. Because establishing virtual circuits between two
organizations is always associated with costs, the transit traffic capability is almost never
granted free of charge.

Example: Peer-to-Peer VPN—Extranet VPNs


This figure illustrates a peer-to-peer VPN implementation of an extranet. 


Extranet VPNs: 
Peer-to-Peer VPN Implementation 

Peer-to-peer VPN implementation of an extranet VPN is very simple compared with overlay
VPN implementation—all sites are connected to the P-network, and optimum routing between 
sites is enabled by default. 


The cost model of peer-to-peer implementation is also simpler—usually every organization 
pays its connectivity fees for participation in the extranet and gets full connectivity to all other 
sites. 

What Is the VPN Connectivity Category?


This topic identifies the major components of the VPN connectivity category. 


VPN Connectivity Category 


VPNs can also be categorized according to 
the connectivity required between sites: 


• Simple VPN: Every site can communicate with
every other site.

• Overlapping VPNs: Some sites participate in more
than one simple VPN.

• Central services VPN: All sites can communicate
with central servers but not with each other.

• Managed network: A dedicated VPN is established
to manage CE routers.

The VPNs discussed so far have usually been very simple in terms of connectivity, as described
here: 


■ In most cases, full connectivity between sites is required. (In an overlay implementation of
either an intranet or extranet VPN, this requirement usually means that a common site acts
as a transit site.)

■ In an overlay implementation of an extranet VPN, the connectivity is limited to sites that
have direct virtual circuits established between them.

The following describes a number of advanced VPN topologies with more complex
connectivity requirements:

■ Overlapping VPNs, in which a site participates in more than one VPN

■ Central services VPNs, in which the sites are split into two classes: server sites, which can
communicate with all other sites, and client sites, which can communicate only with the
servers, not with other clients

■ Network management VPNs, which are used to manage CE devices in scenarios where the
service provider owns and manages the devices




What Is the Central Services Extranet? 


This topic describes the characteristics of the central services extranet component of the VPN 
connectivity category. 


Central Services Extranet 

A central services extranet can implement international Voice over IP (VoIP) service.


Example: Central Services Extranet 


The figure illustrates this example. Every customer of this service can access voice gateways in 
various countries but cannot access other customers using the same service. 

Example: Hybrid Implementation


The network diagram shows an interesting scenario in which peer-to-peer VPN and overlay 
VPN implementation can be used together to provide end-to-end service to the customer. 


The VoIP service is implemented with a central services extranet topology, which is in turn 
implemented with a peer-to-peer VPN. Connectivity between PE routers in the peer-to-peer 
VPN and customer routers is implemented with an overlay VPN based on Frame Relay. The PE 
routers of the peer-to-peer VPN and the CE routers act as CE devices of the Frame Relay
network.

What Is a Managed Network Implementation?


This topic describes the characteristics of the managed network component of the VPN 
connectivity category. 


Managed Network 
Overlay VPN Implementation 

A managed network VPN is traditionally implemented in combination with overlay VPN
services. Dedicated virtual circuits are deployed between any managed CE router and the 
central network management system (NMS) router to which the NMS is connected. 


This managed network VPN implementation is sometimes called a “rainbow” implementation 
because the physical link between the NMS router and the core of the service provider network 
carries a number of virtual circuits—one circuit per managed router. 

Summary

This topic summarizes the key points discussed in this lesson.

Summary

• There are four major VPN topologies: hub-and-spoke, partial mesh, full mesh, and multilevel.

• In the hub-and-spoke topology, all remote sites are linked with a central CE router via virtual
circuits. More than one virtual circuit is used in this topology.

• A partial mesh topology is used in environments where cost or complexity factors prevent a
full mesh topology between customer sites.

• There are three VPN business categories: intranet VPN, extranet VPN, and access VPN.

Summary (Cont.)

• In an extranet VPN, organizations are linked with dedicated virtual circuits.

• There are four VPN connectivity categories: simple VPN, overlapping VPN, central service VPN,
and managed network.

• A central services extranet enables customers to access common servers for services.

• Managed networks allow customer CE devices to be owned and managed by the service provider.

Lesson 4


Introducing MPLS VPN 
Architecture 


Overview 


This lesson explains the MPLS VPN architecture, route information propagation, route 
distinguishers (RDs), route targets (RTs), and virtual routing tables. 


It is important to understand how the MPLS VPN architecture is structured, what the 
components of that architecture are, and how the components are used. This knowledge will 
help later when you begin to look at design issues and configuration parameters. 


Objectives 


Upon completing this lesson, you will be able to describe the major architectural components of 
an MPLS VPN. This ability includes being able to meet these objectives: 


■ Describe the features of the MPLS VPN architecture

■ Describe the architecture of a PE router in an MPLS VPN

■ Describe the different methods of propagating routing information across the P-network

■ Describe the features of route distinguishers

■ Describe the features of route targets

■ Describe how complex VPNs have redefined the meaning of VPNs

■ Describe the impact of complex VPN topologies on virtual routing tables




What Is the MPLS VPN Architecture? 


This topic describes the features of the MPLS VPN architecture. 


MPLS VPN Architecture 


An MPLS VPN combines the best features of 
an overlay VPN and a peer-to-peer VPN: 


• PE routers participate in customer routing,
guaranteeing optimum routing between sites and
easy provisioning.

• PE routers carry a separate set of routes for each
customer (similar to the dedicated PE router
approach).

• Customers can use overlapping addresses.


The MPLS VPN architecture offers service providers a peer-to-peer VPN architecture that 
combines the best features of overlay VPNs (support for overlapping customer address spaces) 
with the best features of peer-to-peer VPNs. The following describes these characteristics: 


■ PE routers participate in customer routing, guaranteeing optimum routing between
customer sites.

■ PE routers carry a separate set of routes for each customer, resulting in perfect isolation
between customers.

■ Customers can use overlapping addresses.

MPLS VPN Architecture:
Terminology

[Figure: MPLS VPN terminology. Recoverable labels: Customer B Site #2, Customer B Site #4.]

MPLS VPN terminology divides the overall network into a customer-controlled part (the
C-network) and a provider-controlled part (the P-network). Contiguous portions of the C-network
are called sites and are linked with the P-network via CE routers. The CE routers are connected
to the PE routers, which serve as the edge devices of the P-network. The core devices in the
P-network, the P routers, provide transit transport across the provider backbone and do not carry
customer routes.


What Is the Architecture of a PE Router in an 
MPLS VPN? 


This topic describes the architecture of a PE router in an MPLS VPN. 


PE Router Architecture

[Figure: PE router architecture. Labels: Customer A Site #1; Customer A Site #3; Customer B Site #1; Virtual Router for Customer A; Virtual Router for Customer B; Virtual IP Routing Table for Customer A; Virtual IP Routing Table for Customer B; Global IP Routing Table; PE Router; P Router. Caption: MPLS VPN architecture is very similar to the dedicated PE router peer-to-peer model, but the dedicated per-customer routers are implemented as virtual routing tables within the PE router.]

The architecture of a PE router in an MPLS VPN is very similar to the architecture of a POP in
the dedicated PE router peer-to-peer model. The only difference is that the whole architecture is 
condensed into one physical device. Each customer is assigned an independent routing table 
(virtual routing table) that corresponds to the dedicated PE router in the traditional peer-to-peer 
model. Routing across the provider backbone is performed by another routing process that uses 
a global IP routing table corresponding to the intra-POP P router in the traditional peer-to-peer
model.

Note: Cisco IOS software implements isolation between customers via virtual routing and
forwarding tables. The whole PE router is still configured and managed as a single device,
not as a set of virtual routers.



What Are the Methods of Propagation Across the 
P-Network? 


This topic describes the different methods of propagating routing information across the
P-network.


Propagation of Routing Information
Across the P-Network

[Figure: Customer A, Customer B and Customer C attached to PE routers on either side of the P-network, with a P router in the core. Labels: IGP for Customer A; IGP for Customer B; IGP for Customer C. IGP = Interior Gateway Protocol.]

Question: How will PE routers exchange customer routing information?
Answer #1: Run a dedicated IGP for each customer across the P-network.

This is the wrong answer for the following reasons:
• The solution does not scale.
• P routers carry all customer routes.

Although virtual routing tables provide isolation between customers, the data from these
routing tables still needs to be exchanged between PE routers to enable data transfer between 
sites attached to different PE routers. Therefore, a routing protocol is needed that will transport 
all customer routes across the P-network, while maintaining the independence of individual 
customer address spaces. 


An obvious solution, implemented by various VPN vendors, is to run a separate routing 
protocol for each customer. There are two common implementations. Both require that a
per-customer routing protocol be run between PE routers. In one implementation, the P routers
participate in customer routing and pass the customer routing information between PE routers.
In the other implementation, the PE routers are connected via point-to-point tunnels, for
example IPSec, thereby hiding the customer routing from the P routers.


This solution, although very simple to implement (and often used by some customers), is not 
appropriate in service provider environments because it simply does not scale. The specific 
problems are as follows: 


■ The PE routers have to run a large number of routing protocols.

■ The P routers have to carry all customer routes.

Propagation of Routing Information
Across the P-Network (Cont.)

Question: How will PE routers exchange customer routing information?

Answer #2: Run a single routing protocol that will carry all customer routes
inside the provider backbone.

Better answer, but still not good enough:
• P routers carry all customer routes.

A better approach to the route propagation problem is to deploy a single routing protocol that
can exchange all customer routes across the P-network. Although this approach is better than 
the previous one, the P routers are still involved in customer routing; therefore, the proposal 
retains some of the same scalability issues of the previous one. 

Propagation of Routing Information
Across the P-Network (Cont.)

[Figure: a dedicated routing protocol used to carry customer routes between PE routers. Labels: Customer A; Customer B; Customer C; PE Router; P Router; P-Network.]

Question: How will PE routers exchange customer routing information?

Answer #3: Run a single routing protocol that will carry all customer routes
between PE routers. Use MPLS labels to exchange packets
between PE routers.

The best answer:
• P routers do not carry customer routes; the solution is scalable.


The best solution to the customer route propagation issue is to run a single routing protocol 
between PE routers that will exchange all customer routes without the involvement of the P 
routers. This solution is scalable. Some of the benefits of this approach are as follows: 


m= The number of routing protocols running between PE routers does not increase with an 
increasing number of customers. 


m The P routers do not carry customer routes. 
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Propagation of Routing Information 


Across the P-Network (Cont.) 
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A dedicated routing protocol used 


to carry customer routes between PE routers 
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Customer B PE Router X P Router Customer B 


P-Network 


Customer C Customer C 


Question: Which protocol can be used to carry customer routes between 
PE routers? 


Answer: The number of customer routes can be very large. BGP is the only 
routing protocol that can scale to a very large number of routes. 


Conclusion: 
BGP is used to exchange customer routes directly between PE routers. 

The next design decision to be made is the choice of the routing protocol running between PE
routers. Given that the total number of customer routes is expected to be very large, the only 
well-known protocol with the required scalability is BGP. In fact, BGP is used in MPLS VPN 
architecture to transport customer routes directly between PE routers. 

Propagation of Routing Information Across the P-Network (Cont.)

A dedicated routing protocol used to carry customer routes between PE routers

Question: How will information about the overlapping subnetworks of two
customers be propagated via a single routing protocol? 


Answer: Extend the customer addresses to make them unique. 

MPLS VPN architecture differs in an important way from traditional peer-to-peer VPN
solutions—the support of overlapping customer address spaces. 


With the deployment of a single routing protocol (BGP) exchanging all customer routes 
between PE routers, an important issue arises: how can BGP propagate several identical 
prefixes, belonging to different customers, between PE routers? 


The only solution to this dilemma is the expansion of customer IP prefixes with a unique prefix 
that makes them unique even if they had previously overlapped. A 64-bit prefix called the RD 
is used in MPLS VPNs to convert nonunique 32-bit customer addresses into 96-bit unique 
addresses that can be transported between PE routers. 

What Are Route Distinguishers?

This topic describes the features of RDs.

Route Distinguishers

* The 64-bit route distinguisher is prepended to an IPv4 address to make it globally unique.

* The resulting address is a VPNv4 address.

* VPNv4 addresses are exchanged between PE routers via BGP.

  — BGP that supports address families other than IPv4 addresses is called Multiprotocol BGP.


The RD is used only to transform nonunique 32-bit customer IP version 4 (IPv4) addresses into 
unique 96-bit VPNv4 addresses (also called VPN IPv4 addresses). 


VPNv4 addresses are exchanged only between PE routers; they are never used between CE
routers. BGP between PE routers must therefore support the exchange of traditional IPv4
prefixes and the exchange of VPNv4 prefixes. A BGP session between PE routers is
consequently called a Multiprotocol BGP (MP-BGP) session.


Note Initial MPLS VPN implementation in Cisco IOS software supports only MPLS VPN services 
within a single autonomous system (AS). In such a scenario, the BGP session between PE 
routers is always an IBGP session. 

Route Distinguishers (Cont.)

A 64-bit RD is prepended to the customer IPv4 prefix to make it globally unique, resulting in a
96-bit VPNv4 prefix.

A 96-bit VPNv4 prefix is propagated via MP-BGP to the other PE router.

[Figure labels: Customer A]

Customer route propagation across an MPLS VPN network is done using the following
process:

Step 1 The CE router sends an IPv4 routing update to the PE router.

Step 2 The PE router prepends a 64-bit RD to the IPv4 routing update, resulting in a
globally unique 96-bit VPNv4 prefix.

Step 3 The VPNv4 prefix is propagated via a Multiprotocol Internal Border Gateway
Protocol (MP-IBGP) session to other PE routers.

Route Distinguishers (Cont.)

The RD is removed from the VPNv4 prefix, resulting in a 32-bit IPv4 prefix.

[Figure labels: Customer A, Customer B]

Step 4 The receiving PE routers strip the RD from the VPNv4 prefix, resulting in an IPv4
prefix.


Step 5 The IPv4 prefix is forwarded to other CE routers within an IPv4 routing update. 
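
The five steps above, as an added sketch that is not part of the course material: it prepends an 8-byte RD to a 32-bit IPv4 prefix and shows two customers' identical prefixes coexisting in one PE-to-PE table. The type-0 RD layout (2-byte type, 2-byte AS number, 4-byte assigned number) follows RFC 4364; the RD values, customer names and prefixes are constructed for the example.

```python
import ipaddress
import struct


def encode_rd(asn: int, number: int) -> bytes:
    """Type-0 RD (RFC 4364): 2-byte type 0, 2-byte AS number, 4-byte assigned number."""
    if not (0 <= asn <= 0xFFFF and 0 <= number <= 0xFFFFFFFF):
        raise ValueError("type-0 RD needs a 16-bit AS number and a 32-bit assigned number")
    return struct.pack("!HHI", 0, asn, number)


def decode_rd(rd: bytes) -> str:
    """Render an 8-byte type-0 RD in the usual ASN:number notation."""
    rd_type, asn, number = struct.unpack("!HHI", rd)
    if rd_type != 0:
        raise ValueError("only type-0 RDs are handled in this sketch")
    return f"{asn}:{number}"


def to_vpnv4(rd: bytes, prefix: str):
    """Step 2: the PE prepends the 64-bit RD to the 32-bit IPv4 prefix."""
    net = ipaddress.IPv4Network(prefix)
    return rd + net.network_address.packed, net.prefixlen


def from_vpnv4(address: bytes, prefixlen: int):
    """Step 4: the receiving PE strips the RD again. Returns (rd, ipv4_prefix)."""
    if len(address) != 12:
        raise ValueError("a VPNv4 address is 96 bits (12 bytes)")
    ipv4 = ipaddress.IPv4Address(address[8:])
    return decode_rd(address[:8]), f"{ipv4}/{prefixlen}"


# Constructed sample: two customers announce the same private prefix (step 1).
CE_UPDATES = [
    ("Customer A", encode_rd(65000, 10), "10.1.1.0/24"),
    ("Customer B", encode_rd(65000, 20), "10.1.1.0/24"),
    ("Customer B", encode_rd(65000, 20), "10.2.0.0/16"),
]


def build_tables(updates):
    """Key one table by bare IPv4 prefix and one by VPNv4 address (step 3)."""
    ipv4_table, vpnv4_table = {}, {}
    for customer, rd, prefix in updates:
        ipv4_table[prefix] = customer                 # identical prefixes collide
        vpnv4_table[to_vpnv4(rd, prefix)] = customer  # the RD keeps them apart
    return ipv4_table, vpnv4_table


if __name__ == "__main__":
    ipv4_table, vpnv4_table = build_tables(CE_UPDATES)
    print("IPv4-keyed table:", ipv4_table)
    for (address, plen), customer in vpnv4_table.items():
        rd, prefix = from_vpnv4(address, plen)
        print(f"{address.hex()}  RD {rd}  {prefix}  {customer}")
```

Keyed by bare IPv4 prefix, Customer B's update overwrites Customer A's entry for the same prefix; keyed by VPNv4 address, all three routes survive.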

Route Distinguishers: Usage in an MPLS VPN

* The RD has no special meaning.

* The RD is used only to make potentially overlapping IPv4 addresses globally unique.

* The RD is used as a VPN identifier, but this design could not support all topologies
  required by the customers.

The RD has no special meaning or role in MPLS VPN architecture; its only function is to make
overlapping IPv4 addresses globally unique. 


Note Because there has to be a unique one-to-one mapping between RD and virtual routing and 
forwarding instances (VRFs), the RD could be viewed as the virtual routing and forwarding 
(VRF) identifier in the Cisco implementation of an MPLS VPN. 


The RD is configured at the PE router as part of the setup of the VPN site. The RD is not 
configured on the CPE and is not visible to the customer. 


Simple VPN topologies require only one RD per customer, raising the possibility that the RD 
could serve as a VPN identifier. This design, however, would not allow implementation of 
more complex VPN topologies, such as when a customer site belongs to multiple VPNs. 

What Are Route Targets?

This topic describes the features of RTs.

Route Targets: VoIP Service Sample

[Figure labels: Customer Site 2]

Requirements:

* All sites of one customer need to communicate.

* Central sites of both customers need to communicate with VoIP gateways and other central
  sites.

* Other sites from different customers do not communicate with each other.

To illustrate the need for a more versatile VPN indicator than the RD, consider the VoIP
service.


Example: VoIP Service Sample 


The figure illustrates the need for a more versatile VPN indicator than the RD. The connectivity 
requirements of the VoIP service are as follows: 


* All sites of a single customer need to communicate.

* The central sites of different customers subscribed to the VoIP service need to
  communicate with the VoIP gateways (to originate and receive calls in the public voice
  network) and also with other central sites to exchange intercompany voice calls.

Note Additional security measures would have to be put in place at central sites to ensure that the
central sites exchange only VoIP calls with other central sites. Otherwise, the corporate
network of a customer could be compromised by another customer who is using the VoIP
service.

Example: Connectivity Requirements

The connectivity requirements of the VoIP service are illustrated in the figure.

[Figure: Route Targets slide illustrating the connectivity requirements of the VoIP service]

Three VPNs are needed to implement the desired connectivity: two customer VPNs and a
shared VoIP VPN. Central customer sites participate in the customer VPN and in the VoIP
VPN.

Route Targets: Why Are They Needed?

* Some sites have to participate in more than one VPN.

* The RD cannot identify participation in more than one VPN.

* RTs were introduced in the MPLS VPN architecture to support complex VPN topologies.

  — A different method is needed in which a set of identifiers can be attached to a route.


The RD (again, a single entity prepended to an IPv4 route) cannot indicate that a site 
participates in more than one VPN. A method is needed in which a set of VPN identifiers can 
be attached to a route to indicate its membership in several VPNs. 


RTs were introduced into the MPLS VPN architecture to support this requirement. 

Route Targets: What Are They?

* RTs are additional attributes attached to VPNv4 BGP routes to indicate VPN membership.

* Extended BGP communities are used to encode these attributes.

  — Extended communities carry the meaning of the attribute together with its value.

* Any number of RTs can be attached to a single route.


RTs are attributes that are attached to a VPNv4 BGP route to indicate its VPN membership. 
The extended BGP communities of routing updates are used to carry the RT of that update, thus 
identifying to which VPN the update belongs. 


As with standard BGP communities, a set of extended communities can be attached to a single 
BGP route, satisfying the requirements of complex VPN topologies. 


Extended BGP communities are 64-bit values. The semantics of the extended BGP community 
are encoded in the high-order 16 bits of the value, making those bits useful for a number of 
different applications, such as MPLS VPN RTs. 

Route Targets: How Do They Work?

* Export RTs:
  — Identifying VPN membership
  — Appended to the customer route when it is converted into a VPNv4 route

* Import RTs:
  — Associated with each virtual routing table
  — Select routes to be inserted into the virtual routing table

MPLS VPN RTs are attached to a customer route at the moment that it is converted from an
IPv4 route to a VPNv4 route by the PE router. The RTs attached to the route are called export
RTs and are configured separately for each virtual routing table in a PE router. Export RTs
identify the set of VPNs to which the sites associated with the virtual routing table belong.

When the VPNv4 routes are propagated to other PE routers, those routers need to select the
routes to import into their virtual routing tables. This selection is based on import RTs. Each 
virtual routing table in a PE router can have a number of configured import RTs that identify 
the set of VPNs from which the virtual routing table is accepting routes. 


In overlapping VPN topologies, RTs are used to identify VPN membership. Advanced VPN 
topologies (for example, central services VPNs) use RTs in more complex scenarios. 

What Is the New Meaning of VPNs?

This topic describes how complex VPNs have redefined the meaning of VPNs.

Virtual Private Networks Redefined

With the introduction of complex VPN topologies, VPNs have had to be redefined:

* A VPN is a collection of sites sharing common routing information.

* A site can be part of different VPNs.

* A VPN can be seen as a community of interest (closed user group).

* Complex VPN topologies are supported by multiple virtual routing tables on the PE routers.

With the introduction of complex VPN topologies, the definition of a VPN has needed to be
changed. A VPN is simply a collection of sites sharing common routing information. In 
traditional switched WAN terms (for example, in X.25 terminology), such a concept would be 
called a closed user group (CUG). 


In the classic VPN, all sites connected to a VPN shared a common routing view. In complex 
VPNs, however, a site can be part of more than one VPN. This results in differing routing 
requirements for sites that belong to a single VPN and those that belong to more than one VPN. 
These routing requirements have to be supported with multiple virtual routing tables on the PE 
routers. 

What Is the Impact of Complex VPN Topologies on Virtual Routing Tables?

This topic describes the impact of complex VPN topologies on virtual routing tables.

Impact of Complex VPN Topologies on Virtual Routing Tables

* A virtual routing table in a PE router can be used only for sites with identical
  connectivity requirements.

* Complex VPN topologies require more than one virtual routing table per VPN.

* As each virtual routing table requires a distinct RD value, the number of RDs in the MPLS
  VPN network increases.


A single virtual routing table can be used only for sites with identical connectivity 
requirements. Complex VPN topologies, therefore, require more than one virtual routing table 
per VPN. 


Note If sites with different requirements are associated with the same virtual routing table, some 
of the sites might be able to access destinations that should not be accessible to them. 


Because each virtual routing table requires a distinctive RD, the number of RDs in an MPLS 
VPN network increases with the introduction of overlapping VPNs. Moreover, the simple 
association between RD and VPN that was true for simple VPNs is also gone. 

Example: Impact of Complex VPN Topologies on Virtual Routing Tables

To illustrate the requirements for multiple virtual routing tables, consider a VoIP service with
three VPNs (customer A, customer B, and a VoIP VPN).

Impact of Complex VPN Topologies on Virtual Routing Tables (Cont.)

[Figure: Central Site A, Site A-1, Site A-2; POP-X VoIP Gateway; POP-Y VoIP Gateway; Central Site B, Site B-1, Site B-2]

* Sites A-1 and A-2 can share the same routing table.
* Central site A needs its own routing table.
* Voice gateways can share routing tables.
* Central site B needs its own routing table.
* Sites B-1 and B-2 can share the same routing table.


The virtual routing table needs of this service are as follows: 


* All sites of customer A (apart from the central site) can share the same virtual routing table
  because they belong to a single VPN.

* The same is true for all sites of customer B (apart from the central site).

* The VoIP gateways participate only in the VoIP VPN and can belong to a single virtual
  routing table.

* Central site A has unique connectivity requirements—it has to see sites of customer A and
  sites in the VoIP VPN and, consequently, requires a dedicated virtual routing table.

* Likewise, central site B requires a dedicated virtual routing table.


Therefore, in this example, five different VRF tables are needed to support three VPNs. There 
is no one-to-one relationship between the number of VRFs and the number of VPNs. 
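
The VoIP service worked through as an added example (not part of the course material): it models the five VRFs with import and export RTs, derives which sites can exchange routes, and audits the result against the three intended VPNs. It then repeats the audit for the misdesign the earlier Note warns about, where Central Site A shares a VRF with Sites A-1 and A-2. All RD and RT values are constructed, and each VRF is assumed to import and export the same RT set.

```python
from itertools import combinations

# Constructed values: the lesson gives no RD or RT numbers for this example.
RT_A, RT_B, RT_VOIP = "65000:100", "65000:200", "65000:300"

# Intended policy: a VPN is a collection of sites sharing common routing information.
VPNS = {
    "Customer A": {"Site A-1", "Site A-2", "Central Site A"},
    "Customer B": {"Site B-1", "Site B-2", "Central Site B"},
    "VoIP": {"Central Site A", "Central Site B",
             "VoIP Gateway POP-X", "VoIP Gateway POP-Y"},
}


def make_vrf(rd, rts, sites):
    # Assumption of this sketch: a VRF imports and exports the same RT set.
    return {"rd": rd, "import": set(rts), "export": set(rts), "sites": set(sites)}


# Five VRFs support the three VPNs, as in the lesson.
FIVE_VRFS = {
    "A": make_vrf("65000:1", {RT_A}, {"Site A-1", "Site A-2"}),
    "A-Central": make_vrf("65000:2", {RT_A, RT_VOIP}, {"Central Site A"}),
    "B": make_vrf("65000:3", {RT_B}, {"Site B-1", "Site B-2"}),
    "B-Central": make_vrf("65000:4", {RT_B, RT_VOIP}, {"Central Site B"}),
    "VoIP": make_vrf("65000:5", {RT_VOIP},
                     {"VoIP Gateway POP-X", "VoIP Gateway POP-Y"}),
}

# Misdesign: Central Site A is placed in the same VRF as Sites A-1 and A-2.
SHARED_VRF = dict(FIVE_VRFS)
del SHARED_VRF["A-Central"]
SHARED_VRF["A"] = make_vrf("65000:1", {RT_A, RT_VOIP},
                           {"Site A-1", "Site A-2", "Central Site A"})


def vrf_of(vrfs, site):
    return next(name for name, vrf in vrfs.items() if site in vrf["sites"])


def imports_from(vrfs, receiver, sender):
    """True if the receiver VRF installs routes that the sender VRF exports."""
    if receiver == sender:          # sites in one VRF share one routing table
        return True
    return bool(vrfs[sender]["export"] & vrfs[receiver]["import"])


def can_communicate(vrfs, a, b):
    """Two-way traffic needs each site's VRF to hold routes to the other site."""
    va, vb = vrf_of(vrfs, a), vrf_of(vrfs, b)
    return imports_from(vrfs, va, vb) and imports_from(vrfs, vb, va)


def audit(vrfs, vpns):
    """Return (leaks, missing): pairs connected against policy, pairs wrongly cut off."""
    sites = sorted(set().union(*vpns.values()))
    leaks, missing = [], []
    for a, b in combinations(sites, 2):
        allowed = any(a in members and b in members for members in vpns.values())
        actual = can_communicate(vrfs, a, b)
        if actual and not allowed:
            leaks.append((a, b))
        if allowed and not actual:
            missing.append((a, b))
    return leaks, missing


if __name__ == "__main__":
    print("five VRFs :", audit(FIVE_VRFS, VPNS))
    for pair in audit(SHARED_VRF, VPNS)[0]:
        print("leak with shared VRF:", pair)
```

With the shared VRF, Sites A-1 and A-2 gain routes to Central Site B and both VoIP gateways, which none of the three VPNs permits.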

Summary

This topic summarizes the key points discussed in this lesson.

Summary

* MPLS VPN architecture combines the best features of the overlay and peer-to-peer VPN
  models.

* The architecture of a PE router in an MPLS VPN uses separate virtual routers containing the
  routes of each customer inside one physical router.

* The most scalable method of exchanging customer routes across a provider network is the use
  of a single BGP routing protocol from PE to PE.

* Route distinguishers transform nonunique 32-bit addresses into 96-bit unique addresses.

* Route targets are used to identify VPN membership in overlapping topologies.

* VPNs are now considered a collection of sites sharing common routing information.

* Placing sites with different routing requirements in the same virtual routing table will
  result in inconsistent routing.

Lesson 5

Introducing the MPLS VPN Routing Model


Overview 


This lesson explains the routing requirements for MPLS VPNs. The lesson offers address and 
routing perspectives from the customer and service provider side, and it discusses how routing 
tables appear on PE routers. This lesson also discusses MPLS VPN end-to-end information 
flow, MP-BGP, updates, and display formats. 


It is important to understand how information is routed in an MPLS VPN, and how the routing
tables are viewed and interpreted. This lesson will help you to get a clear understanding of the
similarities and differences between the global routing table and the virtual routing tables that
are created in an MPLS VPN.

Objectives

Upon completing this lesson, you will be able to identify the routing requirements for MPLS
VPNs. This ability includes being able to meet these objectives:

* Describe the routing requirements for MPLS VPNs
* Describe the MPLS VPN routing model for CE routers, PE routers, and P routers
* Describe how IPv4 is used to provide support for existing Internet routing
* Identify the routing tables implemented in the PE router to support MPLS VPNs
* Describe the end-to-end flow of routing updates in an MPLS VPN
* Describe how an MPLS VPN determines which routes are distributed to a CE router

MPLS VPN Routing Requirements

This topic describes the routing requirements for MPLS VPNs.

MPLS VPN Routing Requirements

* CE routers have to run standard IP routing software.

* PE routers have to support MPLS VPN services and Internet routing.

* P routers have no VPN routes.


The designers of MPLS VPN technology were faced with the following routing requirements: 


* CE routers should not be MPLS VPN-aware; CE routers should run standard IP routing
  software.

* PE routers must support MPLS VPN services and traditional Internet services.

* To make the MPLS VPN solution scalable, P routers must not carry VPN routes.

What Is the MPLS VPN Routing Model?

This topic describes the MPLS VPN routing model for CE routers, PE routers, and P routers.

MPLS VPN Routing: CE Router Perspective

[Figure: MPLS VPN Backbone; CE Router; PE Router; CE Router]

* The CE routers run standard IP routing software and exchange routing updates with the PE
  router.

  — EBGP, OSPF, RIPv2, EIGRP, and static routes are supported.

* The PE router appears as another router in the C-network.


The MPLS VPN backbone should look like a standard corporate backbone to the CE routers. 
The CE routers run standard IP routing software and exchange routing updates with the PE 
routers, which appear to them as normal routers in the C-network. 


Note In Cisco IOS Release 12.2, the choice of routing protocols that can be run between a CE
router and a PE router is limited to static routes, RIP version 2 (RIPv2), Open Shortest Path 
First (OSPF), and External Border Gateway Protocol (EBGP). 

MPLS VPN Routing: Overall Customer Perspective

[Figure: BGP Backbone; PE Router; CE Router; Site IGP (three sites)]

* To the customer, the PE routers appear as core routers connected via a BGP backbone.

* The usual BGP and IGP design rules apply.

* The P routers are hidden from the customer.

From the customer perspective, the MPLS VPN backbone looks like an intracompany BGP
backbone with PE routers performing route redistribution between individual sites and the core 
backbone. The standard design rules used for enterprise BGP backbones can be applied to the 
design of the C-network. 


The P routers are hidden from customer view; the internal topology of the BGP backbone is 
therefore transparent to the customer. 

MPLS VPN Routing: P Router Perspective


* P routers do not participate in MPLS VPN routing 
and do not carry VPN routes. 


* P routers run backbone IGP with the PE routers 
and exchange information about global 
subnetworks (core links and loopbacks). 

From the P router perspective, the MPLS VPN backbone looks even simpler—the P routers do
not participate in MPLS VPN routing and do not carry VPN routes. The P routers run only a 
backbone Interior Gateway Protocol (IGP) with other P routers and with PE routers, and 
exchange information about core subnetworks. BGP deployment on P routers is not needed for 
proper MPLS VPN operation; it might be needed, however, to support traditional Internet 
connectivity that has not yet been migrated to MPLS. 

MPLS VPN Routing: PE Router Perspective

[Figure: MPLS VPN Backbone; CE Router; PE Router; P Router; MP-IBGP; Core IGP]

PE routers:

* Exchange VPN routes with CE routers via per-VPN routing protocols

* Exchange core routes with P routers and PE routers via core IGP

* Exchange VPNv4 routes with other PE routers via MP-IBGP sessions

The PE routers are the only routers in MPLS VPN architecture that see all routing aspects of
the MPLS VPN. PE routers are able to do the following:

* PE routers exchange IPv4 VPN routes with CE routers via various routing protocols
  running in the virtual routing tables.

* PE routers exchange VPNv4 routes via MP-IBGP sessions with other PE routers.

* PE routers exchange core routes with P routers and other PE routers via core IGP.

Existing Internet Routing Support

This topic describes how IPv4 is used to provide support for existing Internet routing.

Support for Existing Internet Routing

[Figure: MPLS VPN Backbone; CE Router; PE Router; P Router; IPv4 BGP for Internet; Core IGP]

PE routers can run standard IPv4 BGP in the global routing table:

* PE routers exchange Internet routes with other PE routers.
* CE routers do not participate in Internet routing.
* P routers do not need to participate in Internet routing.

The routing requirements for PE routers also extend to supporting Internet connectivity—PE
routers have to exchange Internet routes with other PE routers. The CE routers cannot 
participate in Internet routing if the Internet routing is performed in global address space. The P 
routers could participate in Internet routing; however, Internet routing should be disabled on the 
P routers to make the network core more stable. 

Routing Tables on PE Routers

This topic identifies the routing tables implemented in the PE router to support MPLS VPNs.

Routing Tables on PE Routers

[Figure: MPLS VPN Backbone; CE Router; PE Router; P Router; IPv4 BGP for Internet; Core IGP]

PE routers contain a number of routing tables:

* The global routing table contains core routes (filled with core IGP) and Internet routes
  (filled with IPv4 BGP).

* The VRF tables contain routes for sites of identical routing requirements from local
  (IPv4 VPN) and remote (VPNv4 via MP-BGP) CE routers.

The PE routers fulfill various routing requirements imposed on them by using a number of IP
routing tables, such as the following:

* The global IP routing table (the IP routing table that is always present in a Cisco IOS
  software-based router even if it is not supporting an MPLS VPN) contains all core routes
  (inserted by the core IGP) and the Internet routes (inserted from the global IPv4 BGP
  table).

* The VRF tables contain sets of routes for sites with identical routing requirements. The
  VRFs are filled with intra-VPN IGP information exchanged with the CE routers and with
  VPNv4 routes received through MP-BGP sessions from the other PE routers.

Identifying End-to-End Routing Update Flow

This topic describes the end-to-end flow of routing updates in an MPLS VPN.

End-to-End Routing Update Flow

[Figure: MPLS VPN Backbone; CE Router; PE Router; P Router; IPv4 Update]

PE routers receive IPv4 routing updates from CE routers and install them in the appropriate
VRF table.

These figures provide an overview of end-to-end routing information flow in an MPLS VPN
network.

Example: End-to-End Routing Update Flow

The figure here illustrates how PE routers receive IPv4 routing updates from the CE routers and
install them in the appropriate VRF table.

End-to-End Routing Update Flow (Cont.)

[Figure: MPLS VPN Backbone; CE Router; PE Router; P Router; IPv4 Update; MP-BGP Update]

PE routers export VPN routes from VRF tables into MP-BGP and propagate them as VPNv4 routes
to other PE routers.

The customer routes from VRF tables are exported as VPNv4 routes into MP-BGP and
propagated to other PE routers.

Initial MPLS VPN implementation in Cisco IOS software (Cisco IOS Releases 12.0 T and
12.1) supports MPLS VPN services only within the scope of a single AS. The MP-BGP
sessions between the PE routers are therefore IBGP sessions and are subject to the IBGP
split-horizon rules. Thus, either a full mesh of MP-IBGP sessions is required between PE
routers, or route reflectors need to be used to reduce the full mesh IBGP requirement.

End-to-End Routing Update Flow: MP-BGP Update

An MP-BGP update contains the following:

* VPNv4 address

* Extended communities (route targets, optionally SOO)

* Label used for VPN packet forwarding

* Any other BGP attribute (for example, AS path, local preference, MED, standard community)

An MP-BGP update exchange between PE routers contains the following:

* VPNv4 address

* Extended BGP communities (RTs required; Site of Origin, or SOO, optional)

* Label used for VPN packet forwarding (The “Forwarding MPLS VPN Packets” lesson
  explains how the label is used.)

* Mandatory BGP attributes (for example, AS path)

Optionally, the MP-BGP update can contain any other BGP attribute; for example, local
preference, multi-exit discriminator (MED), or standard BGP community.

End-to-End Routing Update Flow (Cont.)

[Figure: MPLS VPN Backbone; CE Router; PE Router; P Router; MP-BGP Update]

* The receiving PE router imports the incoming VPNv4 routes into the appropriate VRF based
  on route targets attached to the routes.

* The routes installed in the VRFs are propagated to the CE routers.

The PE routers receiving MP-BGP updates import the incoming VPNv4 routes into their VRFs
based on RTs attached to the incoming routes and on import RTs configured in the VRFs. The
VPNv4 routes installed in the VRFs are converted to IPv4 routes and then propagated to the CE
routers.

Route Distribution to CE Routers

This topic describes how an MPLS VPN determines which routes are distributed to a CE
router.

Route Distribution to CE Routers

* Route distribution to sites is driven by the following:

  — SOO
  — RT BGP communities

* A route is installed in the site VRF that matches the RT attribute.

VPNv4 routes are installed into VRFs on the receiving PE router; the incoming VPNv4 route is
imported into the VRF only if at least one RT attached to the route matches at least one import
RT configured in the VRF. 


The SOO attribute attached to the VPNv4 route controls the IPv4 route propagation to the CE 
routers. A route inserted into a VRF is not propagated to a CE router if the SOO attached to the 
route is equal to the SOO attribute associated with the CE router. The SOO can thus be used to 
prevent routing loops in MPLS VPN networks with multihomed sites. The RTs attached to a 
route and the import RTs configured in the VRF drive the import of the routes to the CE router. 
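
The import and SOO rules above, as an added sketch that is not part of the course material: a receiving PE imports each MP-BGP update into the VRFs whose import RTs match, then withholds a route from any CE whose configured SOO equals the SOO carried on the route. The router, CE and VRF names and all RD, RT, SOO and label values are constructed, and the update is reduced to the fields the lesson lists.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass(frozen=True)
class MpBgpUpdate:
    rd: str                      # RD half of the VPNv4 address
    prefix: str                  # IPv4 half of the VPNv4 address
    route_targets: frozenset     # extended communities: RTs (required)
    label: int                   # label used for VPN packet forwarding
    soo: Optional[str] = None    # extended community: Site of Origin (optional)


@dataclass
class Vrf:
    name: str
    import_rts: frozenset
    ce_soo: dict                                  # CE neighbor -> SOO set for that CE, or None
    routes: dict = field(default_factory=dict)    # IPv4 prefix -> MpBgpUpdate


def receive(vrfs, update):
    """Import the update into every VRF that shares at least one RT with it."""
    imported = []
    for vrf in vrfs:
        if update.route_targets & vrf.import_rts:
            vrf.routes[update.prefix] = update    # RD stripped: the VRF is keyed by IPv4 prefix
            imported.append(vrf.name)
    return imported


def advertise(vrf):
    """IPv4 prefixes sent to each CE; a route whose SOO equals the CE's SOO is held back."""
    return {
        ce: sorted(p for p, u in vrf.routes.items() if u.soo is None or u.soo != ce_soo)
        for ce, ce_soo in vrf.ce_soo.items()
    }


def run_pe2():
    """Constructed scenario on PE-2; the site behind CE-A1 is also attached to PE-1."""
    cust_a = Vrf("Customer_A", frozenset({"65000:100"}),
                 {"CE-A1": "65000:101", "CE-A2": "65000:102"})
    cust_b = Vrf("Customer_B", frozenset({"65000:200"}), {"CE-B1": None})
    updates = [
        # Learned by PE-1 from the multihomed site, so it carries that site's SOO.
        MpBgpUpdate("65000:1", "10.1.1.0/24", frozenset({"65000:100"}), 30, soo="65000:101"),
        MpBgpUpdate("65000:1", "10.1.3.0/24", frozenset({"65000:100"}), 31, soo="65000:103"),
        # Same IPv4 prefix from another customer: different RD and RT, no SOO.
        MpBgpUpdate("65000:2", "10.1.1.0/24", frozenset({"65000:200"}), 40),
        # No VRF on this PE imports this RT, so the route is not installed anywhere.
        MpBgpUpdate("65000:9", "192.168.9.0/24", frozenset({"65000:999"}), 50),
    ]
    imported = [receive([cust_a, cust_b], u) for u in updates]
    return imported, advertise(cust_a), advertise(cust_b)


if __name__ == "__main__":
    imported, to_a, to_b = run_pe2()
    print("imported into:", imported)
    print("Customer_A CEs:", to_a)
    print("Customer_B CEs:", to_b)
```

CE-A1 never receives 10.1.1.0/24 back from PE-2, which is the loop the SOO check prevents for a multihomed site.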

Summary

This topic summarizes the key points discussed in this lesson.

Summary

* MPLS VPN routing requirements for scalability require that CE routers run standard
  protocols. The PE routers provide the VPN routing and services, while the P routers do not
  participate in VPN routing.

* The MPLS VPN model provides for the CE routers to use standard protocols (static, RIPv2,
  OSPF, EIGRP, EBGP) to the PE routers. The PE routers exchange customer routes among other
  PE routers via MP-BGP. The P routers only provide core IGP backbone routing to the PE
  routers.

* The PE router functions can extend to carry regular Internet routing via IPv4 BGP in
  addition to the MP-BGP.

Summary (Cont.)

* PE routers provide MPLS VPN services by separating the global IPv4 BGP routing table from
  each unique customer VPNv4 MP-BGP routing table, resulting in multiple virtual routing
  tables.

* MPLS VPN routing starts with the PE router receiving CE customer IPv4 updates. Next, the PE
  router exports these IPv4 routes to other appropriate destination PE routers as VPNv4
  routes via MP-BGP. Finally, the destination PE router imports the VPNv4 routes and
  forwards them to the final CE router as an IPv4 update.

* MPLS VPN route distribution to destination CE routers is determined by BGP communities.
  These communities identify CE routes using route targets and an optional SOO for loop
  detection.

Lesson 6

Forwarding MPLS VPN Packets


Overview 


This lesson explains how forwarding across an MPLS VPN backbone occurs, identifies how 
labels get propagated, and explains the effects of summarization in the core. 


It is important to understand how packets are forwarded across an MPLS VPN backbone, 
because this understanding will help you when you try to isolate problems in the network. This 
lesson explains how the far-end label is sent to the ingress PE router and how that information 
is shared. 


Objectives 


Upon completing this lesson, you will be able to describe how packets are forwarded in an 
MPLS VPN environment. This ability includes being able to meet these objectives: 


* Describe the end-to-end MPLS VPN forwarding mechanisms
* Describe the operation of PHP in an MPLS VPN environment
* Describe how labels are propagated between PE routers
* Describe the effects of MPLS VPNs on label propagation
* Describe the effects of MPLS VPNs on packet forwarding

What Are the End-to-End VPN Forwarding Mechanisms?

This topic describes the end-to-end MPLS VPN forwarding mechanisms.

VPN Packet Forwarding Across an MPLS VPN Backbone

[Figure: MPLS VPN Backbone; Ingress PE Router; P Router; P Router; Egress PE Router]

Question: How will the PE routers forward the VPN packets across the
MPLS VPN backbone?

Answer #1: The PE routers will label the VPN packets with an LDP label for the
egress PE router and forward the labeled packets across the MPLS
backbone.

Result:

The P routers perform the label switching, and the packet reaches the
egress PE router.

However, the egress PE router does not know which VRF to use for packet
switching, so the packet is dropped.

How about using a label stack?

An MPLS-oriented approach to MPLS VPN packet forwarding across the MPLS VPN
backbone would be to label the customer packet with the label assigned by Label Distribution 
Protocol (LDP) for the egress PE router. The core routers consequently would never see the 
customer IP packet; instead, the core routers would see just a labeled packet targeted toward the 
egress PE router. The core routers would perform simple label-switching operations, finally 
delivering the customer packet to the egress PE router. Unfortunately, the customer IP packet 
would contain no VPN or VRF information that could be used to perform VRF lookup on the 
egress PE router. The egress PE router would not know which VRF to use for packet lookup 
and would, therefore, have to drop the packet. 
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VPN Packet Forwarding Across an MPLS 
VPN Backbone (Cont.) 
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Question: How will the PE routers forward the VPN packets across the 
MPLS VPN backbone? 

Answer #2: The PE routers will label the VPN packets with a label stack, using the LDP 
label for the egress PE router as the top label, and the VPN label assigned 
by the egress PE router as the second label in the stack. 

Result:

* The P routers perform label switching, and the packet reaches the egress PE router.
* The egress PE router performs a lookup on the VPN label and forwards the packet
toward the CE router.
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An MPLS label stack can be used to tell the egress PE router what to do with the VPN packet. 
When using the label stack, the ingress PE router labels the incoming IP packet with two labels. 
The top label in the stack is the LDP label for the egress PE router; this label guarantees that the 
packet will traverse the MPLS VPN backbone and arrive at the egress PE router. The second 
label in the stack is assigned by the egress PE router and tells the router how to forward the 
incoming VPN packet. The second label could point directly toward an outgoing interface, in 
which case the egress PE router would perform label lookup only on the VPN packet. The 
second label could also point to a VRF, in which case the egress PE router would first perform 
a label lookup to find the target VRF and then perform an IP lookup within the VRF. 


Both methods are used in Cisco IOS software. The second label in the stack points toward an 
outgoing interface whenever the CE router is the next hop of the VPN route. The second label 
in the stack points to the VRF table for aggregate VPN routes, VPN routes pointing to a null 
interface, and routes for directly connected VPN interfaces. 


The two-level MPLS label stack satisfies the following MPLS VPN forwarding requirements: 


* The P routers perform label switching on the LDP-assigned label toward the egress PE
router.
* The egress PE router performs label switching on the second label (which it has previously
assigned) and either forwards the IP packet toward the CE router or performs another IP
lookup in the VRF pointed to by the second label in the stack.
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What Is VPN PHP? 


This topic describes operation of penultimate hop popping (PHP) in an MPLS VPN 
environment. 


VPN Penultimate Hop Popping 

* Penultimate hop popping on the LDP label can be performed on the last P router.
* The egress PE router performs label lookup only on the VPN label, resulting in faster
and simpler label lookup.
* IP lookup is performed only once, in the ingress PE router.

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PHP (the removal of the top label in the stack on the hop prior to the egress router) can be 
performed in frame-based MPLS networks. In these networks, the last P router in the label 
switched path (LSP) tunnel pops the LDP label (as previously requested by the egress PE router 
through LDP), and the PE router receives a labeled packet that contains only the VPN label. In 
most cases, a single label lookup performed on that packet in the egress PE router is enough to 
forward the packet toward the CE router. The full IP lookup through the Forwarding 
Information Base (FIB) is performed only once, in the ingress PE router, even without PHP. 


4-80 Implementing Cisco MPLS (MPLS) v2.1 Copyright © 2004, Cisco Systems, Inc. 
The PDF files and any printed representation for this material are the property of Cisco Systems, Inc., 
for the sole use by Cisco employees for personal study. The files or printed representations may not be 
used in commercial training, and may not be distributed for purposes other than individual self-study. 


Propagating VPN Labels Between PE Routers 


This topic describes how labels are propagated between PE routers. 


VPN Label Propagation

[Figure: MPLS VPN backbone with CE routers attached to the ingress and egress PE routers and two P routers between the PE routers]

Question: How will the ingress PE router get the second label in the
label stack from the egress PE router?

Answer: Labels are propagated in MP-BGP VPNv4 routing updates.



The previous figures showed that an MPLS label stack with the second label is required for
proper MPLS VPN operation. This label was allocated by the egress PE router. This label has
to be propagated from the egress PE router to the ingress PE routers to enable proper packet
forwarding. MP-BGP was chosen as the propagation mechanism. Every MP-BGP update thus
carries a label assigned by the egress PE router together with the 96-bit VPNv4 prefix.
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Example: VPN Label Propagation Between PE Routers 


The figure illustrates VPN label propagation between PE routers. 


VPN Label Propagation (Cont.)

[Figure: MPLS VPN backbone with CE routers, two P routers and the PE routers; LSP Label = 26]

Step 1: A VPN label is assigned to every VPN route by the egress PE router.

Step 2: The VPN label is advertised to all other PE routers in an MP-BGP update.

Step 3: A label stack is built in the VRF table.


These steps describe the label propagation between PE routers. 


Step 1 The egress PE router assigns a label to every VPN route received from the attached 
CE routers and to every summary route summarized inside the PE router. This label 
is then used as the second label in the MPLS label stack by the ingress PE routers 
when labeling VPN packets. 


The VPN labels assigned locally by the PE router can be inspected with the show mpls 
forwarding vrf xxx command (where “xxx” is the name of the VRF). 


Step 2 The VPN labels assigned by the egress PE routers are advertised to all other PE
routers together with the VPNv4 prefix in MP-BGP updates.


The labels can be inspected with the show ip bgp vpnv4 all tags command on the ingress PE 
router. 


The routes that have an input label but no output label are the routes received from the CE 
routers (and the input label was assigned by the local PE router). The routes with an output 
label but no input label are the routes received from the other PE routers (and the output label 
was assigned by the remote PE router). 


For example, the VPN label for destination 192.188.10.0 is 38 and was assigned by the egress 
PE router. 


Note: Like many Cisco IOS software show commands, the show ip bgp vpnv4 all tags command
uses the old terminology, in which labels are called “tags.”
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Step 3 The ingress PE router has two labels associated with a remote VPN route: a label for 
the BGP next hop assigned by the next-hop P router via LDP—and taken from the 
local label information base (LIB)—and also the label assigned by the remote PE 
router and propagated via MP-BGP update. Both labels are combined in a label 
stack and installed in the VRF table. 


The label stack in the VRF table can be inspected using the show ip cef vrf detail command. 
The tags imposed part of the printout displays the MPLS label stack. The first label in the 
MPLS label stack is the LDP label forwarded toward the egress PE router, and the second label 
is the VPN label advertised by the egress PE router. 
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What Are the Effects of MPLS VPNs on Label 
Propagation? 




This topic describes the effects of MPLS VPNs on label propagation. 


MPLS VPNs and Label Propagation 


* The VPN label must be assigned by the BGP next hop.
* The BGP next hop should not be changed in the MP-IBGP update propagation.
  - Do not use the next-hop-self command on confederation boundaries.
* The PE router must be the BGP next hop.
  - Use the next-hop-self command on the PE router.
* The label must be reoriginated if the next hop is changed.
  - A new label is assigned every time that the MP-BGP update crosses the AS boundary
    where the next hop is changed.


MPLS VPN packet forwarding works correctly only if the router specified as the BGP next hop 
in the incoming BGP update is the same router as the one that assigned the second label in the 
label stack. The following describes three scenarios that can cause the BGP next hop to be 
different from the IP address of the PE router assigning the VPN label: 


* If the customer route is received from the CE router via an EBGP session, the next hop of
the VPNv4 route is still the IP address of the CE router (the BGP next hop of an outgoing
IBGP update is always identical to the BGP next hop of the incoming EBGP update). You
have to configure the next-hop-self command on the MP-BGP sessions between PE routers
to make sure that the BGP next hop of the VPNv4 route is always the IP address of the PE
router, regardless of the routing protocol used between the PE router and the CE router.

* The BGP next hop should not change inside an AS. It can change, however, if you use the
next-hop-self command on an inter-AS boundary inside a BGP confederation or if you use
the route-map command inbound on a PE router to change the next hop (a strongly
discouraged practice). To prevent this situation, never change the BGP next hop with the
route-map or next-hop-self commands inside an AS.

* The BGP next hop is always changed on an EBGP session. If the MPLS VPN network
spans multiple public autonomous systems (not just autonomous systems within a BGP
confederation), special provisions must be made in the AS boundary routers to reoriginate
the VPN label at the same time that the BGP next hop is changed. This functionality is
supported by Cisco IOS Releases 12.1(4)T, 12.2, and later.
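
The following Python sketch is an added example, not part of the course material. It models Step 3 (combining the LDP label for the BGP next hop with the VPN label received in MP-BGP) and flags the next-hop scenarios described above. Label 38 for 192.188.10.0 and LSP label 26 are taken from the course example; the RD, the addresses, the remaining labels and the `label_origin` field are assumptions made for the audit.

```python
"""Offline audit of label-stack construction on an ingress PE (simplified model).
All addresses, RDs and router roles below are constructed sample data."""
import struct
from dataclasses import dataclass
from ipaddress import ip_address


@dataclass(frozen=True)
class Vpnv4Route:
    rd: str            # route distinguisher "ASN:number" (type 0), constructed
    prefix: str        # customer IPv4 network address
    next_hop: str      # BGP next hop carried in the MP-BGP update
    vpn_label: int     # second label in the stack
    label_origin: str  # router that allocated vpn_label (known to the auditor)


def vpnv4_address(rd, ipv4):
    """64-bit RD (type 0: type, ASN, assigned number) + 32-bit IPv4 = 96 bits."""
    asn, number = (int(part) for part in rd.split(":"))
    return struct.pack("!HHI", 0, asn, number) + ip_address(ipv4).packed


def build_label_stack(route, lib):
    """Combine the LDP label for the BGP next hop with the MP-BGP VPN label.

    `lib` maps a next-hop address to the LDP label learned from the next-hop
    P router. Returns (stack, findings); stack is None if it cannot be built.
    """
    findings = []
    if route.next_hop != route.label_origin:
        findings.append("BGP next hop is not the router that assigned the VPN label")
    ldp_label = lib.get(route.next_hop)
    if ldp_label is None:
        findings.append("no LDP label for the BGP next hop")
        return None, findings
    return [ldp_label, route.vpn_label], findings


EGRESS_PE = "10.0.0.2"   # constructed loopback of the egress PE
OTHER_RTR = "10.0.0.9"   # constructed router that rewrites the next hop
CE_ADDR = "172.16.1.2"   # constructed CE address, unknown to the core
LIB = {EGRESS_PE: 26, OTHER_RTR: 31}   # LDP labels held by the ingress PE

ROUTES = {
    "next-hop-self on the PE": Vpnv4Route(
        "65000:1", "192.188.10.0", EGRESS_PE, 38, EGRESS_PE),
    "CE left as next hop": Vpnv4Route(
        "65000:1", "192.188.10.0", CE_ADDR, 38, EGRESS_PE),
    "next hop rewritten inside the AS": Vpnv4Route(
        "65000:1", "192.188.10.0", OTHER_RTR, 38, EGRESS_PE),
    "label reoriginated with the next hop": Vpnv4Route(
        "65000:1", "192.188.10.0", OTHER_RTR, 47, OTHER_RTR),
}


def audit(routes=ROUTES, lib=LIB):
    """Return {scenario: (label stack or None, findings)}."""
    return {name: build_label_stack(route, lib) for name, route in routes.items()}


if __name__ == "__main__":
    for name, (stack, findings) in audit().items():
        print(f"{name}: stack={stack} findings={findings or 'none'}")
```

The third scenario is the one to watch for in an audit: the stack is built and looks valid on the ingress PE, but the VPN label arrives at a router that never assigned it.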
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What Are the Effects of MPLS VPNs on Packet 
Forwarding? 


This topic describes the effects of MPLS VPNs on packet forwarding. 


MPLS VPNs and Packet Forwarding 


* The VPN label is understood only by the egress PE router.
* An end-to-end LSP tunnel is required between the ingress and egress PE routers.
* BGP next hops must not be announced as BGP routes.
* LDP labels are not assigned to BGP routes.
* BGP next hops announced in IGP must not be summarized in the core network.
  - Summarization breaks the LSP tunnel.


For successful propagation of MPLS VPN packets across an MPLS backbone, there must be an 
unbroken LSP tunnel between PE routers. This is because the second label in the stack is 
recognized only by the egress PE router that has originated it and will not be understood by any 
other router should it ever become exposed. 


The following describes two scenarios that could cause the LSP tunnel between PE routers to 
break: 


* If the IP address of the PE router is announced as a BGP route, it will have no
corresponding LDP label and the label stack will not be built correctly.

* If the P routers perform summarization of the address range within which the IP address of
the egress PE router lies, the LSP tunnel will be disrupted at the summarization point, as
illustrated in the figure.
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Example: Summarization in the Core 


In the figure, the P router summarizes the loopback address of the egress PE router. 


MPLS VPNs and Packet Forwarding: Summarization in the Core

[Figure: MPLS VPN backbone with CE routers, the ingress and egress PE routers, and P routers, one of which is the aggregation point. Callouts: P router summarizes PE loopback. Penultimate hop popping is requested through LDP. P router performs penultimate hop popping. P router is faced with a VPN label that it does not understand.]


The LSP tunnel is broken at a summarization point, so the summarizing router needs to perform
full IP lookup. In a frame-based MPLS network, the P router would request PHP for the
summary route, and the upstream P router (or a PE router) would remove the LDP label,
exposing the VPN label to the P router. Because the VPN label is assigned not by the P router
but by the egress PE router, the label will not be understood by the P router and the VPN packet
will be dropped or misrouted.
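
The Python example below is added here and is not from the course. It walks a packet along the LSP in three cases from this lesson: the two-label stack with PHP, the single LDP label of Answer #1, and a P router that summarizes the egress PE loopback. Router names and LDP label values are constructed, and LDP is reduced to one route on a linear path.

```python
"""MPLS VPN forwarding along one LSP: label stack, PHP, and core summarization.
Router names and LDP label values are constructed for this illustration."""
import struct

IMPLICIT_NULL = 3  # reserved label the LSP tail advertises through LDP to request PHP
PATH = ["PE1", "P1", "P2", "PE2"]   # ingress PE, two P routers, egress PE
VPN_TABLE = {38: "CE router"}       # VPN labels allocated by the egress PE only


def encode_stack(labels, ttl=255):
    """Stack entry layout: label (20 bits) | TC (3) | bottom-of-stack S (1) | TTL (8)."""
    last = len(labels) - 1
    return b"".join(
        struct.pack("!I", (label << 12) | (int(i == last) << 8) | ttl)
        for i, label in enumerate(labels)
    )


def decode_stack(data):
    """Return the labels on the wire, top first, stopping at the S bit."""
    labels = []
    for offset in range(0, len(data), 4):
        (entry,) = struct.unpack_from("!I", data, offset)
        labels.append(entry >> 12)
        if entry & 0x100:
            break
    return labels


def build_lsp(path, tail):
    """Model LDP for the route that covers the egress PE loopback.

    `tail` originates that route: the egress PE, or a P router that summarizes
    the PE loopback. Returns (lfibs, label the ingress PE must push or None).
    """
    advertised = IMPLICIT_NULL           # the tail asks its neighbor to pop
    lfibs = {}
    for idx in range(path.index(tail) - 1, 0, -1):
        local = 16 + idx                 # constructed label; 0-15 are reserved
        action = ("pop", None) if advertised == IMPLICIT_NULL else ("swap", advertised)
        lfibs[path[idx]] = {local: action}
        advertised = local
    return lfibs, (None if advertised == IMPLICIT_NULL else advertised)


def forward(path, lfibs, vpn_table, stack):
    """Carry the packet hop by hop; return (outcome, [(router, labels seen)])."""
    trace = []
    for hop in path[1:]:
        labels = decode_stack(encode_stack(stack))   # what this hop reads off the wire
        trace.append((hop, labels))
        if not labels:
            return f"dropped at {hop}: no VPN label to select a VRF", trace
        top = labels[0]
        if hop == path[-1]:              # only the egress PE knows VPN labels
            if top in vpn_table:
                return f"delivered to {vpn_table[top]}", trace
            return f"dropped at {hop}: unknown label {top}", trace
        entry = lfibs.get(hop, {}).get(top)
        if entry is None:
            # Exposed VPN label on a P router; a colliding local label would
            # misroute the packet instead of dropping it.
            return f"dropped at {hop}: unknown label {top}", trace
        op, out_label = entry
        stack = labels[1:] if op == "pop" else [out_label] + labels[1:]
    return "not delivered", trace


def send(tail="PE2", vpn_label=38):
    """Impose the stack on the ingress PE and forward it toward the egress PE."""
    lfibs, ldp_label = build_lsp(PATH, tail)
    stack = [] if ldp_label is None else [ldp_label]
    stack += [] if vpn_label is None else [vpn_label]
    return forward(PATH, lfibs, VPN_TABLE, stack)


if __name__ == "__main__":
    for title, kwargs in [
        ("label stack, PHP on the last P router", {}),
        ("LDP label only (Answer #1)", {"vpn_label": None}),
        ("P2 summarizes the PE loopback", {"tail": "P2"}),
    ]:
        outcome, trace = send(**kwargs)
        print(f"{title}: {outcome}")
        for router, labels in trace:
            print(f"    {router} receives {labels}")
```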
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Summary 


This topic summarizes the key points discussed in this lesson. 


Summary 



* PE routers forward packets across the MPLS VPN backbone using label stacking.
* The last P router in the LSP tunnel pops the LDP label, and the PE router receives a
labeled packet that contains only the VPN label.
* Labels are propagated between PE routers using MP-BGP.
* BGP next hops should not be announced as BGP routes.
* LDP labels are not assigned to BGP routes.
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Module Summary 


This topic summarizes the key points discussed in this module. 


Module Summary 

* MPLS VPNs are logically divided into a C-network and a P-network. The C-network point
of interface is the CE router into the PE router of the P-network.
* VPNs replace dedicated links with virtual point-to-point links on common infrastructure,
reducing operating costs for customers.
* VPNs are categorized based on business need or connectivity requirement.
* Customer addresses are made unique by prepending RDs and are forwarded based on RT.
* CE routers run standard IP routing protocols to PE routers. MP-BGP is used between PE
routers while their core P routers only use non-VPN IGP.
* Label stacking is used in forwarding packets across MPLS VPNs to reach the egress PE
router on one label followed by the egress interface on the second label.


The two major VPN design options—overlay VPN and peer-to-peer VPN—have many benefits 
and drawbacks. The VPN topology categories and architectural components help determine the 
method for forwarding packets in an MPLS VPN environment. 


References 
For additional information, refer to these resources: 


* Access Cisco.com for additional information about VPNs.
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Module Self-Check 


Use the questions here to review what you learned in this module. The correct answers and 
solutions are found in the Module Self-Check Answer Key. 


Q1) Traditional router-based networks were implemented using which type of links?
(Source: Introducing Virtual Private Networks) 
A) PVC 
B) dedicated point-to-point 
C) SVC 
D) emulated point-to-point 

Q2) VPNs are implemented using which type of links? (Source: Introducing Virtual Private
Networks) 
A) emulated point-to-point 
B) dedicated point-to-point 
C) PVC 
D) PSTN 

Q3) Which two network elements are contained in the P-network? (Choose two.) (Source:
Introducing Virtual Private Networks) 
A) P device 
B) CE device 
C) PE device 
D) CPE device 

Q4) What are the two types of virtual circuits supported by switched WAN technologies? 
(Source: Introducing Virtual Private Networks) 

Q5) Which of the following is a characteristic of an overlay VPN? (Source: Introducing 
Virtual Private Networks) 
A) PE routers carry all routes from all customers. 
B) An overlay VPN guarantees optimum routing between customer sites. 
C) The service provider participates in the customer routing. 
D) The service provider provides virtual point-to-point links between customer sites.
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Q6) In the traditional switched WAN model for Layer 2 VPN implementation, what are the 
service provider and customer responsible for? (Source: Introducing Overlay and Peer- 
to-Peer VPNs) 


The service provider is responsible for 
The customer is responsible for 


The peer-to-peer VPN concept was introduced to help overcome what type of 
drawback? 


Q7) How is a peer-to-peer VPN implemented using packet filters? (Source: Introducing 
Overlay and Peer-to-Peer VPNs) 


Q8) How do you implement a peer-to-peer VPN based on controlled route distribution? 
(Source: Introducing Overlay and Peer-to-Peer VPNs) 


Q9) Which VPN type does NOT require the service provider to participate in customer 
routing? (Source: Introducing Overlay and Peer-to-Peer VPNs) 
A) overlay 
B) peer-to-peer 

Q10) For which VPN type is it easier to provision an additional VPN? (Source: Introducing 
Overlay and Peer-to-Peer VPNs) 
A) overlay 
B) peer-to-peer 

Q11) Which VPN type requires the PE router to carry all routes from all customers? (Source: 
Introducing Overlay and Peer-to-Peer VPNs) 


A) overlay 
B) peer-to-peer 
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Q12) Which VPN type requires the service provider to participate in customer routing? 
(Source: Introducing Overlay and Peer-to-Peer VPNs) 
A) overlay 
B) peer-to-peer 

Q13) Describe the use of address space and packet routing in each of the following peer-to- 
peer implementations. (Source: Introducing Overlay and Peer-to-Peer VPNs) 
Shared PE router 
Dedicated PE router 

Q14) Which connectivity category should you use if all sites must have connectivity with 
each other? (Source: Introducing Overlay and Peer-to-Peer VPNs) 
A) simple 
B) overlapping 
C) peer-to-peer 
D) hub-and-spoke 
E) central services 

Q15) Which connectivity category should you use if all sites must have connectivity to a 
server provided by the service provider? (Source: Introducing Overlay and Peer-to-Peer 
VPNs) 
A) simple 
B) overlapping 
C) peer-to-peer 
D) hub-and-spoke 
E) central services 

Q16) What are the connectivity requirements of a managed network VPN? (Source: 
Introducing Overlay and Peer-to-Peer VPNs) 
A) The service provider is restricted to access of the P-network. 
B) The service provider is granted access to the entire C-network. 
C) The service provider is restricted to access of the managed CE routers. 
D) The service provider grants the customer access to the PE routers but not the P routers.

Q17) Name the VPN topology that has many sites connecting to a central site. (Source:
Categorizing VPNs)
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Q18) When you are using a dynamic routing protocol such as RIP in a redundant hub-and- 
spoke topology, which of the following is true? (Source: Categorizing VPNs) 
A) Static routing must be used to provide remote-site-to-remote-site connectivity. 
B) Split-horizon updates must be disabled at the hub router if static routing is 
used. 
C) Split-horizon updates must be disabled at the hub router if point-to-point 
subinterfaces are not used. 
D) Split-horizon updates must be enabled at the remote site router when point-to- 
point subinterfaces are not used. 
Q19) Identify the criteria that a customer should consider when determining where virtual 
circuits are established in a partial mesh topology. (Source: Categorizing VPNs) 
Q20) Which component of the VPN business category is used to connect different 
organizations? (Source: Categorizing VPNs) 
A) intranet VPNs 
B) Internet VPNs 
C) access VPNs 
D) extranet VPNs 
Q21) Which component of the VPN business category relies on security mechanisms to 
ensure protection of participating individual organizations? (Source: Categorizing 
VPNs) 
A) intranet VPNs 
B) Internet VPNs 
C) access VPNs 
D) extranet VPNs 
Q22) Which implementation of the VPN business category provides the most cost-effective 
model? (Source: Categorizing VPNs) 
A) overlay 
B) peer-to-peer 
Q23) Which component of the VPN connectivity category provides full connectivity 
between sites? (Source: Categorizing VPNs) 
A) simple 
B) overlapping 
C) central services 
D) managed services 
Q24) Describe the connectivity in a central services extranet. (Source: Categorizing VPNs)

Q25) Describe the connectivity in a managed network VPN. (Source: Categorizing VPNs)

Q26) Which routers are MPLS VPN aware of? (Source: Introducing MPLS VPN
Architecture)

Q27) Which traditional VPN module can the architecture of a PE router in an MPLS VPN be
compared to? (Source: Introducing MPLS VPN Architecture)

Q28) Which protocol is used to transport customer routes directly between PE routers?
(Source: Introducing MPLS VPN Architecture)
A) RIP
B) VPN
C) BGP
D) OSPF

Q29) What is the function of the RD in an MPLS VPN? (Source: Introducing MPLS VPN
Architecture)

Q30) What is the function of the RT in MPLS VPNs? (Source: Introducing MPLS VPN
Architecture)

Q31) How has the introduction of complex VPN topologies redefined the meaning of a
VPN? (Source: Introducing MPLS VPN Architecture)
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Q32) What could happen if two different sites with different requirements are associated 
with the same virtual routing table? (Source: Introducing MPLS VPN Architecture) 
Q33) In which two ways do MPLS VPNs support overlapping customer address spaces? 
(Choose two.) (Source: Introducing MPLS VPN Architecture) 
A) by implementing unique RDs for each customer 
B) by implementing unique RTs for each customer 
C) by implementing different LSPs for each customer 
D) by implementing virtual routing spaces for each customer 
Q34) Which of the following is true if you use the P-network IGP to propagate customer
routing information across the P-network? (Source: Introducing MPLS VPN
Architecture)
A) The PE router must be VPN-aware. 
B) The P router must be VPN-aware. 
C) Customers can use overlapping address spaces. 
D) The P router must carry all of the customer routes. 
Q35) Why do MPLS VPNs implement route targets? (Source: Introducing MPLS VPN 
Architecture) 
A) to identify different customer VPNs 
B) to allow a site to participate on more than one VPN 
C) to convert a customer address to an MP-BGP address 
D) to convert a nonunique IP address into a unique VPNv4 address
Q36) Which routing protocol does the CE router run? (Source: Introducing MPLS VPN 
Routing Model) 
A) any IP routing protocol 
B) any VPN-aware BGP protocol 
C) any VPN-aware IP routing protocol 
D) any VPN-aware link-state protocol 
Q37) Which routers exchange VPNv4 routes? (Source: Introducing MPLS VPN Routing
Model)
A) P 
B) CE 
C) PE 
Q38) Which protocol would a PE router use to support an existing Internet routing scheme? 
(Source: Introducing MPLS VPN Routing Model) 
A) IS-IS 
B)  EIGRP 
C) BGP IPv4 
D) BGP VPNv4 
Q39) Identify the routing tables implemented in the PE router to support an MPLS VPN and
describe their contents. (Source: Introducing MPLS VPN Routing Model)

Q40) What BGP function do MPLS VPNs use to transport RTs? (Source: Introducing MPLS
VPN Routing Model)

Q41) How does the PE router know in which VRF table to install received routes for a
customer? (Source: Introducing MPLS VPN Routing Model)

Q42) What is the impact of an MPLS VPN on CE routers? (Source: Introducing MPLS VPN
Routing Model)
A) The CE routers must support BGP.
B) The CE routers must run a link-state protocol.
C) The CE routers can run any standard IP routing protocol.
D) The IGP of the CE routers must be upgraded to a VPN-aware IGP.

Q43) Why would IPv4 routing be enabled on the PE router? (Source: Introducing MPLS
VPN Routing Model)
A) to support the MPLS VPN route update
B) to support the MPLS VPN route target exports
C) to support an existing Internet routing scheme
D) to support the transport of MP-BGP extended communities

Q44) Which two types of routes would an MPLS VPN install into the VRF? (Choose two.)
(Source: Introducing MPLS VPN Routing Model)
A) those routes received via an IPv4 update
B) those routes received via a VPNv4 update
C) those routes received via the core IGP update
D) those routes received via the customer IGP update

Q45) What will happen if the SOO attached to the route is equal to the SOO attribute
associated with the CE router? (Source: Introducing MPLS VPN Routing Model)
A) The route will not insert into the VRF.
B) The route will not be inserted into the global table.
C) The route will be inserted into a VRF but not propagated to a CE router.
D) The route will be inserted into a VRF but not propagated to neighboring PE
routers.

Q46) Why does the label stack contain two labels when supporting MPLS VPNs? (Source:
Forwarding MPLS VPN Packets)
Q47) Why is the VPN label not popped during the PHP process? (Source: Forwarding MPLS
VPN Packets)

Q48) Which protocol is used to transport VPN labels between PE routers? (Source:
Forwarding MPLS VPN Packets)
A) LDP
B) RSVP
C) MP-BGP
D) the core IGP

Q49) In MPLS VPNs, why must the BGP next hop be set to the egress router in all MP-IBGP
updates? (Source: Forwarding MPLS VPN Packets)

Q50) What scenarios would cause the LSP tunnel between PE routers to break? (Source:
Forwarding MPLS VPN Packets)

Q51) How can P routers forward VPN packets if they do not have VPN routes? (Source:
Forwarding MPLS VPN Packets)
A) They forward based upon the LSP label.
B) They forward based upon the VPN label.
C) They forward based upon the MP-BGP next hop.
D) They forward based upon a routing table lookup of the IP address.

Q52) Which router assigns the VPN label? (Source: Forwarding MPLS VPN Packets)
A) P
B) egress CE
C) egress PE
D) ingress CE
E) ingress PE



Q53) What is used to identify the label that will be used to transport the VPN packet to the 
egress router? (Source: Forwarding MPLS VPN Packets) 
A) the IGP least-cost path 
B) the EBGP next-hop address 
C) the MP-IBGP next-hop address 
D) the VPN label entry in the LFIB 


Q54) What is the impact of changing a BGP next hop on an MP-BGP update at
confederation boundaries? (Source: Forwarding MPLS VPN Packets)
A) The packet will be forwarded but over a suboptimal route.
B) Packet forwarding for the affected destination will be interrupted.
C) The P router at the point of summarization will have to perform a routing table
lookup to identify the MP-IBGP next hop.
D) The ingress PE router will forward an MPLS packet to the router identified as
the next hop, where it will be converted to an IP packet and forwarded via MP-IBGP.
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Module Self-Check Answer Key 


Q1) B

Q2) A

Q3) A, C

Q4) switched virtual circuits, permanent virtual circuits

Q5) D

Q6) providing end-to-end connectivity, routing updates

The need for customers to establish point-to-point links or virtual circuits between sites.

Q7) The service provider allocates portions of its address space to the customers and manages the packet filters
on the PE routers to ensure full reachability between sites of a single customer and isolation between
customers.

Q8) The core service provider routers (P routers) contain all customer routes, and the PE routers contain only
routes of a single customer.

Q9) A

Q10) B

Q11) B

Q12) B

Q13) Shared PE router: All customers share the same (provider-assigned or public) address space. The PE router
contains all customer routes. Packet filters are used to provide isolation between customers.

Dedicated PE router: All customers share the same address space. The P routers contain all customer
routes. A route filter is used to forward the routes of each customer to the dedicated PE router of that
customer.

Q14) A

Q15) E

Q16) C

Q17) hub-and-spoke

Q18) C

Q19) The virtual circuits in a partial mesh can be established based on a wide range of criteria, such as traffic
pattern between sites, availability of physical infrastructure, and cost considerations.

Q20) D

Q21) D

Q22) B

Q23) A

Q24) All customer sites can connect to the server sites.
All server sites cannot connect to the customer sites.
Customer sites can connect to each other.

Q25) Dedicated virtual circuits are deployed between any managed CE router and the central NMS router.

Q26) P routers

Q27) the dedicated PE router peer-to-peer model
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Q28) 


Q29) The RD is used to transform the nonunique IP addresses of the customer into unique VPNv4 addresses.

Q30) The RT attaches a set of VPN identifiers to a route that indicate its membership in several VPNs. This
capability allows one site to be a member of more than one VPN.

Q31) A site can be part of more than one VPN, resulting in differing routing requirements for sites that belong to
a single VPN and those belonging to multiple VPNs.

Q32) Some of the sites might be able to access destinations that they should not be able to access.

Q33) A, D

Q34) D

Q35) B

Q36) A

Q37) C

Q38) C

Q39) global IP routing table—contains all core IGP routes and the IPv4 routes; VRFs—contain CE routes and
VPNv4 routes

Q40) extended communities

Q41) Customer routes are identified by the RT contained in the extended BGP community.

Q42) C

Q43) C

Q44) B, D

Q45) C

Q46) The first label indicates the LSP that will be used to reach the egress router. The second label indicates the
VPN that the packet belongs to.

Q47) The egress router needs the label to identify which VPN the packet belongs to.

Q48) C

Q49) The BGP next hop is used to identify which LSP will be used to get to the egress router. If the IP address
of the PE router is announced as a BGP route, it will have no corresponding LDP label and the label stack
will not be built correctly.

Q50) If the IP address of the PE router is announced as a BGP route, it will have no corresponding LDP label
and the label stack will not be built correctly.
If the P routers perform summarization of the address range within which the IP address of the egress PE
router lies, the LSP tunnel will be disrupted at the summarization point.

Q51) A

Q52) C

Q53) C

Q54) B
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Cc 
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